2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/conf.h>
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/x509.h>
20 #include <openssl/pem.h>
21 #include <openssl/kdf.h>
22 #include <openssl/provider.h>
23 #include <openssl/core_names.h>
24 #include <openssl/params.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
28 #include "internal/nelem.h"
29 #include "internal/sizes.h"
30 #include "crypto/evp.h"
32 static OPENSSL_CTX *testctx = NULL;
35 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
36 * should never use this key anywhere but in an example.
38 static const unsigned char kExampleRSAKeyDER[] = {
39 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
40 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
41 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
42 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
43 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
44 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
45 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
46 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
47 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
48 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
49 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
50 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
51 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
52 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
53 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
54 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
55 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
56 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
57 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
58 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
59 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
60 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
61 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
62 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
63 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
64 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
65 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
66 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
67 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
68 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
69 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
70 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
71 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
72 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
73 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
74 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
75 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
76 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
77 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
78 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
79 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
80 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
81 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
82 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
83 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
84 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
85 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
86 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
87 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
88 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
89 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
93 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
94 * should never use this key anywhere but in an example.
96 #ifndef OPENSSL_NO_DSA
97 static const unsigned char kExampleDSAKeyDER[] = {
98 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
99 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
100 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
101 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
102 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
103 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
104 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
105 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
106 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
107 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
108 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
109 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
110 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
111 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
112 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
113 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
114 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
115 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
116 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
117 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
118 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
119 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
120 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
121 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
122 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
123 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
124 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
125 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
126 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
127 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
128 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
129 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
130 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
131 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
132 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
133 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
134 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
140 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
141 * components are not correct.
143 static const unsigned char kExampleBadRSAKeyDER[] = {
144 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
145 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
146 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
147 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
148 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
149 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
150 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
151 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
152 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
153 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
154 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
155 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
156 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
157 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
158 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
159 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
160 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
161 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
162 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
163 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
164 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
165 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
166 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
167 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
168 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
169 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
170 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
171 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
172 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
173 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
174 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
175 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
176 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
177 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
178 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
179 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
180 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
181 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
182 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
183 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
184 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
185 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
186 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
187 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
188 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
189 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
190 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
191 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
192 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
193 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
194 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
195 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
196 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
197 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
198 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
199 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
200 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
201 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
202 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
203 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
204 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
205 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
206 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
207 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
208 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
209 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
210 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
211 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
212 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
213 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
214 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
215 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
216 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
217 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
218 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
219 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
220 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
221 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
222 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
223 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
224 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
225 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
226 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
227 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
228 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
229 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
230 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
231 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
232 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
235 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
237 static const unsigned char kSignature[] = {
238 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
239 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
240 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
241 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
242 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
243 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
244 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
245 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
246 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
247 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
248 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
252 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
255 static const unsigned char kExampleRSAKeyPKCS8[] = {
256 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
257 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
258 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
259 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
260 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
261 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
262 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
263 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
264 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
265 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
266 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
267 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
268 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
269 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
270 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
271 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
272 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
273 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
274 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
275 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
276 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
277 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
278 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
279 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
280 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
281 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
282 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
283 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
284 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
285 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
286 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
287 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
288 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
289 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
290 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
291 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
292 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
293 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
294 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
295 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
296 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
297 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
298 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
299 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
300 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
301 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
302 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
303 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
304 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
305 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
306 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
307 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
308 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
311 #ifndef OPENSSL_NO_EC
313 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
316 static const unsigned char kExampleECKeyDER[] = {
317 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
318 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
319 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
320 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
321 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
322 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
323 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
324 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
325 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
326 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
331 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
332 * structure. The private key is equal to the order and will fail to import
334 static const unsigned char kExampleBadECKeyDER[] = {
335 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
336 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
337 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
338 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
339 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
340 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
341 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
342 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
343 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
347 static const unsigned char kExampleECPubKeyDER[] = {
348 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
349 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
350 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
351 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
352 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
353 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
354 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
355 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
359 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
360 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
362 static const unsigned char kExampleBadECPubKeyDER[] = {
363 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
364 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
365 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
366 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
367 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
368 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
369 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
370 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
373 static const unsigned char pExampleECParamDER[] = {
374 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
378 typedef struct APK_DATA_st {
379 const unsigned char *kder;
385 int type; /* 0 for private, 1 for public, 2 for params */
388 static APK_DATA keydata[] = {
389 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
390 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
391 #ifndef OPENSSL_NO_EC
392 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
396 static APK_DATA keycheckdata[] = {
397 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
398 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
400 #ifndef OPENSSL_NO_EC
401 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
402 /* group is also associated in our pub key */
403 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
404 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
408 static EVP_PKEY *load_example_rsa_key(void)
410 EVP_PKEY *ret = NULL;
411 const unsigned char *derp = kExampleRSAKeyDER;
412 EVP_PKEY *pkey = NULL;
415 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
418 if (!TEST_ptr(pkey = EVP_PKEY_new())
419 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
432 #ifndef OPENSSL_NO_DSA
433 static EVP_PKEY *load_example_dsa_key(void)
435 EVP_PKEY *ret = NULL;
436 const unsigned char *derp = kExampleDSAKeyDER;
437 EVP_PKEY *pkey = NULL;
440 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
443 if (!TEST_ptr(pkey = EVP_PKEY_new())
444 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
458 static EVP_PKEY *load_example_hmac_key(void)
460 EVP_PKEY *pkey = NULL;
461 unsigned char key[] = {
462 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
463 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
464 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
467 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
474 static int test_EVP_Enveloped(void)
477 EVP_CIPHER_CTX *ctx = NULL;
478 EVP_PKEY *keypair = NULL;
479 unsigned char *kek = NULL;
480 unsigned char iv[EVP_MAX_IV_LENGTH];
481 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
482 int len, kek_len, ciphertext_len, plaintext_len;
483 unsigned char ciphertext[32], plaintext[16];
484 const EVP_CIPHER *type = EVP_aes_256_cbc();
486 if (!TEST_ptr(keypair = load_example_rsa_key())
487 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
488 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
489 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
491 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
493 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
497 ciphertext_len += len;
499 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
500 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
501 ciphertext, ciphertext_len))
502 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
505 plaintext_len += len;
506 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
512 EVP_PKEY_free(keypair);
513 EVP_CIPHER_CTX_free(ctx);
518 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
519 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
520 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
521 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
522 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
523 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
524 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
525 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
526 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
528 static int test_EVP_DigestSignInit(int tst)
531 EVP_PKEY *pkey = NULL;
532 unsigned char *sig = NULL;
534 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
535 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
536 BIO *mdbio = NULL, *membio = NULL;
539 EVP_MD *mdexp = NULL;
542 membio = BIO_new(BIO_s_mem());
543 mdbio = BIO_new(BIO_f_md());
544 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
546 BIO_push(mdbio, membio);
547 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
550 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
551 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
555 if (tst == 0 || tst == 3 || tst == 6) {
556 if (!TEST_ptr(pkey = load_example_rsa_key()))
558 } else if (tst == 1 || tst == 4 || tst == 7) {
559 #ifndef OPENSSL_NO_DSA
560 if (!TEST_ptr(pkey = load_example_dsa_key()))
567 if (!TEST_ptr(pkey = load_example_hmac_key()))
571 if (tst >= 3 && tst <= 5)
572 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
576 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
580 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
583 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
587 /* Determine the size of the signature. */
588 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
589 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
590 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
594 if (!TEST_int_gt(BIO_reset(mdbio), 0)
595 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
600 * Ensure that the signature round-trips (Verification isn't supported for
601 * HMAC via EVP_DigestVerify*)
603 if (tst != 2 && tst != 5 && tst != 8) {
604 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
609 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
612 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
616 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
625 EVP_MD_CTX_free(a_md_ctx);
626 EVP_MD_CTX_free(a_md_ctx_verify);
634 static int test_EVP_DigestVerifyInit(void)
637 EVP_PKEY *pkey = NULL;
638 EVP_MD_CTX *md_ctx = NULL;
640 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
641 || !TEST_ptr(pkey = load_example_rsa_key()))
644 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
645 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
646 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
647 sizeof(kSignature))))
652 EVP_MD_CTX_free(md_ctx);
657 static int test_d2i_AutoPrivateKey(int i)
660 const unsigned char *p;
661 EVP_PKEY *pkey = NULL;
662 const APK_DATA *ak = &keydata[i];
663 const unsigned char *input = ak->kder;
664 size_t input_len = ak->size;
665 int expected_id = ak->evptype;
668 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
669 || !TEST_ptr_eq(p, input + input_len)
670 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
680 #ifndef OPENSSL_NO_EC
682 static const unsigned char ec_public_sect163k1_validxy[] = {
683 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
684 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
685 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
686 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
687 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
688 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
691 static const unsigned char ec_public_sect163k1_badx[] = {
692 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
693 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
694 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
695 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
696 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
697 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
700 static const unsigned char ec_public_sect163k1_bady[] = {
701 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
702 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
703 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
704 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
705 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
706 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
709 static struct ec_der_pub_keys_st {
710 const unsigned char *der;
713 } ec_der_pub_keys[] = {
714 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
715 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
716 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
720 * Tests the range of the decoded EC char2 public point.
721 * See ec_GF2m_simple_oct2point().
723 static int test_invalide_ec_char2_pub_range_decode(int id)
727 EC_KEY *eckey = NULL;
729 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
730 ec_der_pub_keys[id].len)))
732 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
733 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
734 || TEST_ptr_null(eckey);
741 /* Tests loading a bad key in PKCS8 format */
742 static int test_EVP_PKCS82PKEY(void)
745 const unsigned char *derp = kExampleBadECKeyDER;
746 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
747 EVP_PKEY *pkey = NULL;
749 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
750 sizeof(kExampleBadECKeyDER))))
753 if (!TEST_ptr_eq(derp,
754 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
757 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
763 PKCS8_PRIV_KEY_INFO_free(p8inf);
770 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
771 static int test_privatekey_to_pkcs8(void)
773 EVP_PKEY *pkey = NULL;
776 size_t membuf_len = 0;
779 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
780 || !TEST_ptr(pkey = load_example_rsa_key())
781 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
782 NULL, 0, NULL, NULL),
784 || !TEST_ptr((membuf_len = (size_t)BIO_get_mem_data(membio, &membuf),
786 || !TEST_mem_eq(membuf, membuf_len,
787 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
789 * We try to write PEM as well, just to see that it doesn't err, but
790 * assume that the result is correct.
792 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
793 NULL, 0, NULL, NULL),
800 BIO_free_all(membio);
804 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
806 static int test_EVP_SM2_verify(void)
808 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
810 "-----BEGIN PUBLIC KEY-----\n"
811 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
812 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
813 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
814 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
815 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
816 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
817 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
818 "-----END PUBLIC KEY-----\n";
820 const char *msg = "message digest";
821 const char *id = "ALICE123@YAHOO.COM";
823 const uint8_t signature[] = {
824 0x30, 0x44, 0x02, 0x20,
826 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
827 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
828 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
832 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
833 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
834 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
839 EVP_PKEY *pkey = NULL;
840 EVP_MD_CTX *mctx = NULL;
841 EVP_PKEY_CTX *pctx = NULL;
843 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
844 if (!TEST_true(bio != NULL))
847 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
848 if (!TEST_true(pkey != NULL))
851 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
854 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
857 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
860 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
864 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
866 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
869 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
872 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
879 EVP_PKEY_CTX_free(pctx);
880 EVP_MD_CTX_free(mctx);
884 static int test_EVP_SM2(void)
887 EVP_PKEY *pkey = NULL;
888 EVP_PKEY *params = NULL;
889 EVP_PKEY_CTX *pctx = NULL;
890 EVP_PKEY_CTX *kctx = NULL;
891 EVP_PKEY_CTX *sctx = NULL;
893 unsigned char *sig = NULL;
894 EVP_MD_CTX *md_ctx = NULL;
895 EVP_MD_CTX *md_ctx_verify = NULL;
896 EVP_PKEY_CTX *cctx = NULL;
898 uint8_t ciphertext[128];
899 size_t ctext_len = sizeof(ciphertext);
901 uint8_t plaintext[8];
902 size_t ptext_len = sizeof(plaintext);
904 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
906 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
910 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
913 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
916 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
919 kctx = EVP_PKEY_CTX_new(params, NULL);
923 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
926 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
929 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
932 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
935 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
938 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
941 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
942 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
944 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
947 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
950 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
953 /* Determine the size of the signature. */
954 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
957 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
960 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
963 /* Ensure that the signature round-trips. */
965 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
968 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
971 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
974 /* now check encryption/decryption */
976 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
979 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
982 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
985 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
988 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
991 if (!TEST_true(ptext_len == sizeof(kMsg)))
994 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
999 EVP_PKEY_CTX_free(pctx);
1000 EVP_PKEY_CTX_free(kctx);
1001 EVP_PKEY_CTX_free(sctx);
1002 EVP_PKEY_CTX_free(cctx);
1003 EVP_PKEY_free(pkey);
1004 EVP_PKEY_free(params);
1005 EVP_MD_CTX_free(md_ctx);
1006 EVP_MD_CTX_free(md_ctx_verify);
1013 static struct keys_st {
1019 EVP_PKEY_HMAC, "0123456789", NULL
1021 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1023 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1025 #ifndef OPENSSL_NO_EC
1027 EVP_PKEY_X25519, "01234567890123456789012345678901",
1028 "abcdefghijklmnopqrstuvwxyzabcdef"
1030 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1031 "abcdefghijklmnopqrstuvwxyzabcdef"
1034 "01234567890123456789012345678901234567890123456789012345",
1035 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1038 "012345678901234567890123456789012345678901234567890123456",
1039 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1044 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1047 unsigned char buf[80];
1049 size_t inlen, len = 0;
1052 /* Check if this algorithm supports public keys */
1053 if (keys[tst].pub == NULL)
1056 memset(buf, 0, sizeof(buf));
1059 inlen = strlen(keys[tst].pub);
1060 in = (unsigned char *)keys[tst].pub;
1062 pkey = EVP_PKEY_new_raw_public_key_with_libctx(
1064 OBJ_nid2sn(keys[tst].type),
1069 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1075 inlen = strlen(keys[tst].priv);
1076 in = (unsigned char *)keys[tst].priv;
1078 pkey = EVP_PKEY_new_raw_private_key_with_libctx(
1079 testctx, OBJ_nid2sn(keys[tst].type),
1084 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1092 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1093 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1094 || !TEST_true(len == inlen)
1095 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1096 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1097 || !TEST_mem_eq(in, inlen, buf, len))
1102 EVP_PKEY_free(pkey);
1106 static int test_set_get_raw_keys(int tst)
1108 return test_set_get_raw_keys_int(tst, 0, 0)
1109 && test_set_get_raw_keys_int(tst, 0, 1)
1110 && test_set_get_raw_keys_int(tst, 1, 0)
1111 && test_set_get_raw_keys_int(tst, 1, 1);
1114 static int pkey_custom_check(EVP_PKEY *pkey)
1119 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1124 static int pkey_custom_param_check(EVP_PKEY *pkey)
1129 static EVP_PKEY_METHOD *custom_pmeth;
1131 static int test_EVP_PKEY_check(int i)
1134 const unsigned char *p;
1135 EVP_PKEY *pkey = NULL;
1136 #ifndef OPENSSL_NO_EC
1137 EC_KEY *eckey = NULL;
1139 EVP_PKEY_CTX *ctx = NULL;
1140 EVP_PKEY_CTX *ctx2 = NULL;
1141 const APK_DATA *ak = &keycheckdata[i];
1142 const unsigned char *input = ak->kder;
1143 size_t input_len = ak->size;
1144 int expected_id = ak->evptype;
1145 int expected_check = ak->check;
1146 int expected_pub_check = ak->pub_check;
1147 int expected_param_check = ak->param_check;
1148 int type = ak->type;
1155 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1156 || !TEST_ptr_eq(p, input + input_len)
1157 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1160 #ifndef OPENSSL_NO_EC
1162 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1163 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1164 || !TEST_ptr(pkey = EVP_PKEY_new())
1165 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1169 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1170 || !TEST_ptr_eq(p, input + input_len)
1171 || !TEST_ptr(pkey = EVP_PKEY_new())
1172 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1180 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1183 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1186 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1189 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1192 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1193 /* assign the pkey directly, as an internal test */
1194 EVP_PKEY_up_ref(pkey);
1197 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1200 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1203 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1209 EVP_PKEY_CTX_free(ctx);
1210 EVP_PKEY_CTX_free(ctx2);
1211 EVP_PKEY_free(pkey);
1216 #ifndef OPENSSL_NO_CMAC
1217 static int test_CMAC_keygen(void)
1220 * This is a legacy method for CMACs, but should still work.
1221 * This verifies that it works without an ENGINE.
1223 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1226 if (!TEST_true(EVP_PKEY_keygen_init(kctx) > 0)
1227 && !TEST_true(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1228 EVP_PKEY_CTRL_CIPHER,
1229 0, (void *)EVP_aes_256_ecb()) > 0))
1234 EVP_PKEY_CTX_free(kctx);
1239 static int test_HKDF(void)
1242 unsigned char out[20];
1245 unsigned char salt[] = "0123456789";
1246 unsigned char key[] = "012345678901234567890123456789";
1247 unsigned char info[] = "infostring";
1248 const unsigned char expected[] = {
1249 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1250 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1252 size_t expectedlen = sizeof(expected);
1254 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1257 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1258 for (i = 0; i < 2; i++) {
1259 outlen = sizeof(out);
1260 memset(out, 0, outlen);
1262 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1263 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1264 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1265 sizeof(salt) - 1), 0)
1266 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1267 sizeof(key) - 1), 0)
1268 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1269 sizeof(info) - 1), 0)
1270 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1271 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1278 EVP_PKEY_CTX_free(pctx);
1283 static int test_emptyikm_HKDF(void)
1286 unsigned char out[20];
1289 unsigned char salt[] = "9876543210";
1290 unsigned char key[] = "";
1291 unsigned char info[] = "stringinfo";
1292 const unsigned char expected[] = {
1293 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1294 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1296 size_t expectedlen = sizeof(expected);
1298 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1301 outlen = sizeof(out);
1302 memset(out, 0, outlen);
1304 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1305 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1306 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1307 sizeof(salt) - 1), 0)
1308 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1309 sizeof(key) - 1), 0)
1310 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1311 sizeof(info) - 1), 0)
1312 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1313 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1319 EVP_PKEY_CTX_free(pctx);
1324 #ifndef OPENSSL_NO_EC
1325 static int test_X509_PUBKEY_inplace(void)
1328 X509_PUBKEY *xp = NULL;
1329 const unsigned char *p = kExampleECPubKeyDER;
1330 size_t input_len = sizeof(kExampleECPubKeyDER);
1332 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1335 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1338 p = kExampleBadECPubKeyDER;
1339 input_len = sizeof(kExampleBadECPubKeyDER);
1341 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1344 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1350 X509_PUBKEY_free(xp);
1353 #endif /* OPENSSL_NO_EC */
1355 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1356 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1358 EVP_MD_CTX *mdctx = NULL;
1359 EVP_PKEY_CTX *ctx = NULL;
1360 const OSSL_PARAM *params;
1361 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1364 char mdname[OSSL_MAX_NAME_SIZE];
1367 /* Initialise a sign operation */
1368 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1370 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1374 * We should be able to query the parameters now.
1376 params = EVP_PKEY_CTX_settable_params(ctx);
1377 if (!TEST_ptr(params)
1378 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1379 OSSL_SIGNATURE_PARAM_DIGEST)))
1382 params = EVP_PKEY_CTX_gettable_params(ctx);
1383 if (!TEST_ptr(params)
1384 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1385 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1386 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1387 OSSL_SIGNATURE_PARAM_DIGEST)))
1391 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1392 * EVP_PKEY_CTX_get_params()
1394 strcpy(mdname, "SHA512");
1396 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1398 *param++ = OSSL_PARAM_construct_end();
1400 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1404 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1405 mdname, sizeof(mdname));
1406 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1407 || !TEST_str_eq(mdname, "SHA512"))
1411 * Test the TEST_PKEY_CTX_set_signature_md() and
1412 * TEST_PKEY_CTX_get_signature_md() functions
1414 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1415 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1416 || !TEST_ptr_eq(md, EVP_sha256()))
1420 * Test getting MD parameters via an associated EVP_PKEY_CTX
1422 mdctx = EVP_MD_CTX_new();
1423 if (!TEST_ptr(mdctx)
1424 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, pkey,
1429 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1430 * able to obtain the digest's settable parameters from the provider.
1432 params = EVP_MD_CTX_settable_params(mdctx);
1433 if (!TEST_ptr(params)
1434 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1435 /* The final key should be NULL */
1436 || !TEST_ptr_null(params[1].key))
1440 memset(ssl3ms, 0, sizeof(ssl3ms));
1441 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1442 ssl3ms, sizeof(ssl3ms));
1443 *param++ = OSSL_PARAM_construct_end();
1445 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1451 EVP_MD_CTX_free(mdctx);
1452 EVP_PKEY_CTX_free(ctx);
1457 #ifndef OPENSSL_NO_DSA
1458 static int test_DSA_get_set_params(void)
1461 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1462 EVP_PKEY *pkey = NULL;
1466 * Setup the parameters for our DSA object. For our purposes they don't
1467 * have to actually be *valid* parameters. We just need to set something.
1480 || !DSA_set0_pqg(dsa, p, q, g)
1481 || !DSA_set0_key(dsa, pub, priv))
1483 p = q = g = pub = priv = NULL;
1485 pkey = EVP_PKEY_new();
1487 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1492 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1495 EVP_PKEY_free(pkey);
1507 static int test_RSA_get_set_params(void)
1510 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1511 EVP_PKEY *pkey = NULL;
1515 * Setup the parameters for our RSA object. For our purposes they don't
1516 * have to actually be *valid* parameters. We just need to set something.
1526 || !RSA_set0_key(rsa, n, e, d))
1530 pkey = EVP_PKEY_new();
1532 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1537 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1540 EVP_PKEY_free(pkey);
1549 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1550 static int test_decrypt_null_chunks(void)
1552 EVP_CIPHER_CTX* ctx = NULL;
1553 const unsigned char key[32] = {
1554 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1555 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1556 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1558 unsigned char iv[12] = {
1559 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1561 unsigned char msg[] = "It was the best of times, it was the worst of times";
1562 unsigned char ciphertext[80];
1563 unsigned char plaintext[80];
1564 /* We initialise tmp to a non zero value on purpose */
1565 int ctlen, ptlen, tmp = 99;
1567 const int enc_offset = 10, dec_offset = 20;
1569 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1570 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1572 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1574 /* Deliberate add a zero length update */
1575 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1577 || !TEST_int_eq(tmp, 0)
1578 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1580 sizeof(msg) - enc_offset))
1581 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1582 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1583 || !TEST_int_eq(tmp, 0))
1586 /* Deliberately initialise tmp to a non zero value */
1588 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1590 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1593 * Deliberately add a zero length update. We also deliberately do
1594 * this at a different offset than for encryption.
1596 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1598 || !TEST_int_eq(tmp, 0)
1599 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1600 ciphertext + dec_offset,
1601 ctlen - dec_offset))
1602 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1603 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1604 || !TEST_int_eq(tmp, 0)
1605 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1610 EVP_CIPHER_CTX_free(ctx);
1613 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1615 #ifndef OPENSSL_NO_DH
1616 static int test_EVP_PKEY_set1_DH(void)
1618 DH *x942dh = NULL, *noqdh = NULL;
1619 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1621 BIGNUM *p, *g = NULL;
1623 if (!TEST_ptr(p = BN_new())
1624 || !TEST_ptr(g = BN_new())
1625 || !BN_set_word(p, 9999)
1626 || !BN_set_word(g, 2)
1627 || !TEST_ptr(noqdh = DH_new())
1628 || !DH_set0_pqg(noqdh, p, NULL, g))
1632 x942dh = DH_get_2048_256();
1633 pkey1 = EVP_PKEY_new();
1634 pkey2 = EVP_PKEY_new();
1635 if (!TEST_ptr(x942dh)
1638 || !TEST_ptr(pkey2))
1641 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1642 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1645 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1646 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1653 EVP_PKEY_free(pkey1);
1654 EVP_PKEY_free(pkey2);
1663 * We test what happens with an empty template. For the sake of this test,
1664 * the template must be ignored, and we know that's the case for RSA keys
1665 * (this might arguably be a misfeature, but that's what we currently do,
1666 * even in provider code, since that's how the legacy RSA implementation
1669 static int test_keygen_with_empty_template(int n)
1671 EVP_PKEY_CTX *ctx = NULL;
1672 EVP_PKEY *pkey = NULL;
1673 EVP_PKEY *tkey = NULL;
1678 /* We do test with no template at all as well */
1679 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1683 /* Here we create an empty RSA key that serves as our template */
1684 if (!TEST_ptr(tkey = EVP_PKEY_new())
1685 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1686 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1691 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1692 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1697 EVP_PKEY_CTX_free(ctx);
1698 EVP_PKEY_free(pkey);
1699 EVP_PKEY_free(tkey);
1704 * Test that we fail if we attempt to use an algorithm that is not available
1705 * in the current library context (unless we are using an algorithm that should
1706 * be made available via legacy codepaths).
1708 static int test_pkey_ctx_fail_without_provider(int tst)
1710 OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
1711 OSSL_PROVIDER *nullprov = NULL;
1712 EVP_PKEY_CTX *pctx = NULL;
1715 if (!TEST_ptr(tmpctx))
1718 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1719 if (!TEST_ptr(nullprov))
1722 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, tst == 0 ? "RSA" : "HMAC", "");
1724 /* RSA is not available via any provider so we expect this to fail */
1725 if (tst == 0 && !TEST_ptr_null(pctx))
1729 * HMAC is always available because it is implemented via legacy codepaths
1730 * and not in a provider at all. We expect this to pass.
1732 if (tst == 1 && !TEST_ptr(pctx))
1738 EVP_PKEY_CTX_free(pctx);
1739 OSSL_PROVIDER_unload(nullprov);
1740 OPENSSL_CTX_free(tmpctx);
1744 int setup_tests(void)
1746 testctx = OPENSSL_CTX_new();
1748 if (!TEST_ptr(testctx))
1751 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
1752 ADD_TEST(test_EVP_DigestVerifyInit);
1753 ADD_TEST(test_EVP_Enveloped);
1754 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1755 ADD_TEST(test_privatekey_to_pkcs8);
1756 #ifndef OPENSSL_NO_EC
1757 ADD_TEST(test_EVP_PKCS82PKEY);
1759 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1760 ADD_TEST(test_EVP_SM2);
1761 ADD_TEST(test_EVP_SM2_verify);
1763 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1764 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1765 if (!TEST_ptr(custom_pmeth))
1767 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1768 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1769 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1770 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1772 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1773 #ifndef OPENSSL_NO_CMAC
1774 ADD_TEST(test_CMAC_keygen);
1776 ADD_TEST(test_HKDF);
1777 ADD_TEST(test_emptyikm_HKDF);
1778 #ifndef OPENSSL_NO_EC
1779 ADD_TEST(test_X509_PUBKEY_inplace);
1780 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1781 OSSL_NELEM(ec_der_pub_keys));
1783 #ifndef OPENSSL_NO_DSA
1784 ADD_TEST(test_DSA_get_set_params);
1786 ADD_TEST(test_RSA_get_set_params);
1787 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1788 ADD_TEST(test_decrypt_null_chunks);
1790 #ifndef OPENSSL_NO_DH
1791 ADD_TEST(test_EVP_PKEY_set1_DH);
1793 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
1794 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
1799 void cleanup_tests(void)
1801 OPENSSL_CTX_free(testctx);