2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/conf.h>
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/x509.h>
20 #include <openssl/pem.h>
21 #include <openssl/kdf.h>
22 #include <openssl/provider.h>
23 #include <openssl/core_names.h>
24 #include <openssl/params.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
28 #include "internal/nelem.h"
29 #include "internal/sizes.h"
30 #include "crypto/evp.h"
32 static OPENSSL_CTX *testctx = NULL;
35 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
36 * should never use this key anywhere but in an example.
38 static const unsigned char kExampleRSAKeyDER[] = {
39 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
40 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
41 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
42 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
43 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
44 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
45 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
46 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
47 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
48 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
49 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
50 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
51 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
52 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
53 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
54 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
55 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
56 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
57 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
58 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
59 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
60 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
61 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
62 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
63 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
64 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
65 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
66 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
67 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
68 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
69 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
70 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
71 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
72 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
73 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
74 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
75 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
76 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
77 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
78 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
79 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
80 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
81 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
82 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
83 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
84 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
85 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
86 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
87 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
88 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
89 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
93 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
94 * should never use this key anywhere but in an example.
96 #ifndef OPENSSL_NO_DSA
97 static const unsigned char kExampleDSAKeyDER[] = {
98 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
99 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
100 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
101 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
102 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
103 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
104 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
105 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
106 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
107 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
108 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
109 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
110 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
111 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
112 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
113 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
114 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
115 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
116 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
117 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
118 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
119 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
120 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
121 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
122 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
123 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
124 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
125 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
126 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
127 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
128 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
129 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
130 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
131 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
132 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
133 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
134 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
140 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
141 * components are not correct.
143 static const unsigned char kExampleBadRSAKeyDER[] = {
144 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
145 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
146 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
147 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
148 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
149 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
150 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
151 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
152 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
153 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
154 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
155 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
156 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
157 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
158 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
159 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
160 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
161 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
162 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
163 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
164 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
165 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
166 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
167 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
168 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
169 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
170 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
171 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
172 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
173 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
174 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
175 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
176 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
177 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
178 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
179 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
180 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
181 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
182 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
183 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
184 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
185 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
186 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
187 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
188 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
189 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
190 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
191 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
192 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
193 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
194 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
195 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
196 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
197 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
198 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
199 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
200 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
201 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
202 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
203 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
204 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
205 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
206 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
207 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
208 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
209 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
210 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
211 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
212 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
213 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
214 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
215 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
216 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
217 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
218 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
219 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
220 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
221 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
222 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
223 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
224 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
225 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
226 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
227 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
228 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
229 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
230 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
231 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
232 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
235 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
237 static const unsigned char kSignature[] = {
238 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
239 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
240 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
241 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
242 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
243 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
244 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
245 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
246 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
247 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
248 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
252 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
255 static const unsigned char kExampleRSAKeyPKCS8[] = {
256 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
257 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
258 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
259 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
260 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
261 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
262 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
263 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
264 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
265 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
266 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
267 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
268 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
269 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
270 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
271 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
272 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
273 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
274 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
275 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
276 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
277 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
278 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
279 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
280 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
281 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
282 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
283 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
284 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
285 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
286 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
287 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
288 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
289 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
290 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
291 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
292 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
293 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
294 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
295 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
296 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
297 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
298 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
299 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
300 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
301 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
302 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
303 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
304 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
305 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
306 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
307 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
308 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
311 #ifndef OPENSSL_NO_EC
313 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
316 static const unsigned char kExampleECKeyDER[] = {
317 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
318 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
319 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
320 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
321 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
322 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
323 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
324 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
325 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
326 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
331 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
332 * structure. The private key is equal to the order and will fail to import
334 static const unsigned char kExampleBadECKeyDER[] = {
335 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
336 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
337 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
338 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
339 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
340 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
341 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
342 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
343 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
347 static const unsigned char kExampleECPubKeyDER[] = {
348 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
349 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
350 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
351 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
352 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
353 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
354 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
355 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
359 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
360 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
362 static const unsigned char kExampleBadECPubKeyDER[] = {
363 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
364 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
365 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
366 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
367 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
368 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
369 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
370 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
373 static const unsigned char pExampleECParamDER[] = {
374 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
378 typedef struct APK_DATA_st {
379 const unsigned char *kder;
385 int type; /* 0 for private, 1 for public, 2 for params */
388 static APK_DATA keydata[] = {
389 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
390 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
391 #ifndef OPENSSL_NO_EC
392 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
396 static APK_DATA keycheckdata[] = {
397 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
398 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
400 #ifndef OPENSSL_NO_EC
401 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
402 /* group is also associated in our pub key */
403 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
404 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
408 static EVP_PKEY *load_example_rsa_key(void)
410 EVP_PKEY *ret = NULL;
411 const unsigned char *derp = kExampleRSAKeyDER;
412 EVP_PKEY *pkey = NULL;
415 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
418 if (!TEST_ptr(pkey = EVP_PKEY_new())
419 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
432 #ifndef OPENSSL_NO_DSA
433 static EVP_PKEY *load_example_dsa_key(void)
435 EVP_PKEY *ret = NULL;
436 const unsigned char *derp = kExampleDSAKeyDER;
437 EVP_PKEY *pkey = NULL;
440 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
443 if (!TEST_ptr(pkey = EVP_PKEY_new())
444 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
458 static EVP_PKEY *load_example_hmac_key(void)
460 EVP_PKEY *pkey = NULL;
461 unsigned char key[] = {
462 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
463 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
464 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
467 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
474 static int test_EVP_Enveloped(void)
477 EVP_CIPHER_CTX *ctx = NULL;
478 EVP_PKEY *keypair = NULL;
479 unsigned char *kek = NULL;
480 unsigned char iv[EVP_MAX_IV_LENGTH];
481 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
482 int len, kek_len, ciphertext_len, plaintext_len;
483 unsigned char ciphertext[32], plaintext[16];
484 const EVP_CIPHER *type = EVP_aes_256_cbc();
486 if (!TEST_ptr(keypair = load_example_rsa_key())
487 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
488 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
489 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
491 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
493 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
497 ciphertext_len += len;
499 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
500 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
501 ciphertext, ciphertext_len))
502 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
505 plaintext_len += len;
506 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
512 EVP_PKEY_free(keypair);
513 EVP_CIPHER_CTX_free(ctx);
518 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
519 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
520 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
521 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
522 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
523 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
524 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
525 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
526 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
528 static int test_EVP_DigestSignInit(int tst)
531 EVP_PKEY *pkey = NULL;
532 unsigned char *sig = NULL;
534 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
535 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
536 BIO *mdbio = NULL, *membio = NULL;
539 EVP_MD *mdexp = NULL;
542 membio = BIO_new(BIO_s_mem());
543 mdbio = BIO_new(BIO_f_md());
544 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
546 BIO_push(mdbio, membio);
547 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
550 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
551 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
555 if (tst == 0 || tst == 3 || tst == 6) {
556 if (!TEST_ptr(pkey = load_example_rsa_key()))
558 } else if (tst == 1 || tst == 4 || tst == 7) {
559 #ifndef OPENSSL_NO_DSA
560 if (!TEST_ptr(pkey = load_example_dsa_key()))
567 if (!TEST_ptr(pkey = load_example_hmac_key()))
571 if (tst >= 3 && tst <= 5)
572 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
576 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
580 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
583 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
587 /* Determine the size of the signature. */
588 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
589 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
590 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
594 if (!TEST_int_gt(BIO_reset(mdbio), 0)
595 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
600 * Ensure that the signature round-trips (Verification isn't supported for
601 * HMAC via EVP_DigestVerify*)
603 if (tst != 2 && tst != 5 && tst != 8) {
604 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
609 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
612 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
616 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
625 EVP_MD_CTX_free(a_md_ctx);
626 EVP_MD_CTX_free(a_md_ctx_verify);
634 static int test_EVP_DigestVerifyInit(void)
637 EVP_PKEY *pkey = NULL;
638 EVP_MD_CTX *md_ctx = NULL;
640 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
641 || !TEST_ptr(pkey = load_example_rsa_key()))
644 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
645 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
646 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
647 sizeof(kSignature))))
652 EVP_MD_CTX_free(md_ctx);
657 static int test_d2i_AutoPrivateKey(int i)
660 const unsigned char *p;
661 EVP_PKEY *pkey = NULL;
662 const APK_DATA *ak = &keydata[i];
663 const unsigned char *input = ak->kder;
664 size_t input_len = ak->size;
665 int expected_id = ak->evptype;
668 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
669 || !TEST_ptr_eq(p, input + input_len)
670 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
680 #ifndef OPENSSL_NO_EC
682 static const unsigned char ec_public_sect163k1_validxy[] = {
683 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
684 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
685 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
686 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
687 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
688 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
691 static const unsigned char ec_public_sect163k1_badx[] = {
692 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
693 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
694 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
695 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
696 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
697 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
700 static const unsigned char ec_public_sect163k1_bady[] = {
701 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
702 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
703 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
704 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
705 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
706 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
709 static struct ec_der_pub_keys_st {
710 const unsigned char *der;
713 } ec_der_pub_keys[] = {
714 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
715 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
716 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
720 * Tests the range of the decoded EC char2 public point.
721 * See ec_GF2m_simple_oct2point().
723 static int test_invalide_ec_char2_pub_range_decode(int id)
727 EC_KEY *eckey = NULL;
729 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
730 ec_der_pub_keys[id].len)))
732 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
733 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
734 || TEST_ptr_null(eckey);
741 /* Tests loading a bad key in PKCS8 format */
742 static int test_EVP_PKCS82PKEY(void)
745 const unsigned char *derp = kExampleBadECKeyDER;
746 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
747 EVP_PKEY *pkey = NULL;
749 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
750 sizeof(kExampleBadECKeyDER))))
753 if (!TEST_ptr_eq(derp,
754 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
757 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
763 PKCS8_PRIV_KEY_INFO_free(p8inf);
770 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
772 static int test_EVP_SM2_verify(void)
774 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
776 "-----BEGIN PUBLIC KEY-----\n"
777 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
778 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
779 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
780 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
781 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
782 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
783 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
784 "-----END PUBLIC KEY-----\n";
786 const char *msg = "message digest";
787 const char *id = "ALICE123@YAHOO.COM";
789 const uint8_t signature[] = {
790 0x30, 0x44, 0x02, 0x20,
792 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
793 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
794 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
798 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
799 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
800 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
805 EVP_PKEY *pkey = NULL;
806 EVP_MD_CTX *mctx = NULL;
807 EVP_PKEY_CTX *pctx = NULL;
809 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
810 if (!TEST_true(bio != NULL))
813 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
814 if (!TEST_true(pkey != NULL))
817 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
820 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
823 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
826 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
830 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
832 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
835 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
838 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
845 EVP_PKEY_CTX_free(pctx);
846 EVP_MD_CTX_free(mctx);
850 static int test_EVP_SM2(void)
853 EVP_PKEY *pkey = NULL;
854 EVP_PKEY *params = NULL;
855 EVP_PKEY_CTX *pctx = NULL;
856 EVP_PKEY_CTX *kctx = NULL;
857 EVP_PKEY_CTX *sctx = NULL;
859 unsigned char *sig = NULL;
860 EVP_MD_CTX *md_ctx = NULL;
861 EVP_MD_CTX *md_ctx_verify = NULL;
862 EVP_PKEY_CTX *cctx = NULL;
864 uint8_t ciphertext[128];
865 size_t ctext_len = sizeof(ciphertext);
867 uint8_t plaintext[8];
868 size_t ptext_len = sizeof(plaintext);
870 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
872 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
876 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
879 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
882 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
885 kctx = EVP_PKEY_CTX_new(params, NULL);
889 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
892 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
895 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
898 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
901 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
904 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
907 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
908 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
910 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
913 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
916 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
919 /* Determine the size of the signature. */
920 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
923 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
926 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
929 /* Ensure that the signature round-trips. */
931 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
934 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
937 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
940 /* now check encryption/decryption */
942 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
945 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
948 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
951 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
954 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
957 if (!TEST_true(ptext_len == sizeof(kMsg)))
960 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
965 EVP_PKEY_CTX_free(pctx);
966 EVP_PKEY_CTX_free(kctx);
967 EVP_PKEY_CTX_free(sctx);
968 EVP_PKEY_CTX_free(cctx);
970 EVP_PKEY_free(params);
971 EVP_MD_CTX_free(md_ctx);
972 EVP_MD_CTX_free(md_ctx_verify);
979 static struct keys_st {
985 EVP_PKEY_HMAC, "0123456789", NULL
987 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
989 EVP_PKEY_SIPHASH, "0123456789012345", NULL
991 #ifndef OPENSSL_NO_EC
993 EVP_PKEY_X25519, "01234567890123456789012345678901",
994 "abcdefghijklmnopqrstuvwxyzabcdef"
996 EVP_PKEY_ED25519, "01234567890123456789012345678901",
997 "abcdefghijklmnopqrstuvwxyzabcdef"
1000 "01234567890123456789012345678901234567890123456789012345",
1001 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1004 "012345678901234567890123456789012345678901234567890123456",
1005 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1010 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1013 unsigned char buf[80];
1015 size_t inlen, len = 0;
1018 /* Check if this algorithm supports public keys */
1019 if (keys[tst].pub == NULL)
1022 memset(buf, 0, sizeof(buf));
1025 inlen = strlen(keys[tst].pub);
1026 in = (unsigned char *)keys[tst].pub;
1028 pkey = EVP_PKEY_new_raw_public_key_with_libctx(
1030 OBJ_nid2sn(keys[tst].type),
1035 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1041 inlen = strlen(keys[tst].priv);
1042 in = (unsigned char *)keys[tst].priv;
1044 pkey = EVP_PKEY_new_raw_private_key_with_libctx(
1045 testctx, OBJ_nid2sn(keys[tst].type),
1050 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1058 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1059 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1060 || !TEST_true(len == inlen)
1061 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1062 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1063 || !TEST_mem_eq(in, inlen, buf, len))
1068 EVP_PKEY_free(pkey);
1072 static int test_set_get_raw_keys(int tst)
1074 return test_set_get_raw_keys_int(tst, 0, 0)
1075 && test_set_get_raw_keys_int(tst, 0, 1)
1076 && test_set_get_raw_keys_int(tst, 1, 0)
1077 && test_set_get_raw_keys_int(tst, 1, 1);
1080 static int pkey_custom_check(EVP_PKEY *pkey)
1085 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1090 static int pkey_custom_param_check(EVP_PKEY *pkey)
1095 static EVP_PKEY_METHOD *custom_pmeth;
1097 static int test_EVP_PKEY_check(int i)
1100 const unsigned char *p;
1101 EVP_PKEY *pkey = NULL;
1102 #ifndef OPENSSL_NO_EC
1103 EC_KEY *eckey = NULL;
1105 EVP_PKEY_CTX *ctx = NULL;
1106 EVP_PKEY_CTX *ctx2 = NULL;
1107 const APK_DATA *ak = &keycheckdata[i];
1108 const unsigned char *input = ak->kder;
1109 size_t input_len = ak->size;
1110 int expected_id = ak->evptype;
1111 int expected_check = ak->check;
1112 int expected_pub_check = ak->pub_check;
1113 int expected_param_check = ak->param_check;
1114 int type = ak->type;
1121 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1122 || !TEST_ptr_eq(p, input + input_len)
1123 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1126 #ifndef OPENSSL_NO_EC
1128 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1129 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1130 || !TEST_ptr(pkey = EVP_PKEY_new())
1131 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1135 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1136 || !TEST_ptr_eq(p, input + input_len)
1137 || !TEST_ptr(pkey = EVP_PKEY_new())
1138 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1146 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1149 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1152 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1155 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1158 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1159 /* assign the pkey directly, as an internal test */
1160 EVP_PKEY_up_ref(pkey);
1163 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1166 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1169 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1175 EVP_PKEY_CTX_free(ctx);
1176 EVP_PKEY_CTX_free(ctx2);
1177 EVP_PKEY_free(pkey);
1182 static int test_CMAC_keygen(void)
1185 * This is a legacy method for CMACs, but should still work.
1186 * This verifies that it works without an ENGINE.
1188 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1191 if (!TEST_true(EVP_PKEY_keygen_init(kctx) > 0)
1192 && !TEST_true(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1193 EVP_PKEY_CTRL_CIPHER,
1194 0, (void *)EVP_aes_256_ecb()) > 0))
1199 EVP_PKEY_CTX_free(kctx);
1203 static int test_HKDF(void)
1206 unsigned char out[20];
1209 unsigned char salt[] = "0123456789";
1210 unsigned char key[] = "012345678901234567890123456789";
1211 unsigned char info[] = "infostring";
1212 const unsigned char expected[] = {
1213 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1214 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1216 size_t expectedlen = sizeof(expected);
1218 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1221 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1222 for (i = 0; i < 2; i++) {
1223 outlen = sizeof(out);
1224 memset(out, 0, outlen);
1226 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1227 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1228 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1229 sizeof(salt) - 1), 0)
1230 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1231 sizeof(key) - 1), 0)
1232 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1233 sizeof(info) - 1), 0)
1234 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1235 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1242 EVP_PKEY_CTX_free(pctx);
1247 #ifndef OPENSSL_NO_EC
1248 static int test_X509_PUBKEY_inplace(void)
1251 X509_PUBKEY *xp = NULL;
1252 const unsigned char *p = kExampleECPubKeyDER;
1253 size_t input_len = sizeof(kExampleECPubKeyDER);
1255 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1258 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1261 p = kExampleBadECPubKeyDER;
1262 input_len = sizeof(kExampleBadECPubKeyDER);
1264 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1267 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1273 X509_PUBKEY_free(xp);
1276 #endif /* OPENSSL_NO_EC */
1278 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1279 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1281 EVP_MD_CTX *mdctx = NULL;
1282 EVP_PKEY_CTX *ctx = NULL;
1283 const OSSL_PARAM *params;
1284 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1287 char mdname[OSSL_MAX_NAME_SIZE];
1290 /* Initialise a sign operation */
1291 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1293 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1297 * We should be able to query the parameters now.
1299 params = EVP_PKEY_CTX_settable_params(ctx);
1300 if (!TEST_ptr(params)
1301 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1302 OSSL_SIGNATURE_PARAM_DIGEST)))
1305 params = EVP_PKEY_CTX_gettable_params(ctx);
1306 if (!TEST_ptr(params)
1307 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1308 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1309 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1310 OSSL_SIGNATURE_PARAM_DIGEST)))
1314 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1315 * EVP_PKEY_CTX_get_params()
1317 strcpy(mdname, "SHA512");
1319 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1321 *param++ = OSSL_PARAM_construct_end();
1323 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1327 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1328 mdname, sizeof(mdname));
1329 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1330 || !TEST_str_eq(mdname, "SHA512"))
1334 * Test the TEST_PKEY_CTX_set_signature_md() and
1335 * TEST_PKEY_CTX_get_signature_md() functions
1337 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1338 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1339 || !TEST_ptr_eq(md, EVP_sha256()))
1343 * Test getting MD parameters via an associated EVP_PKEY_CTX
1345 mdctx = EVP_MD_CTX_new();
1346 if (!TEST_ptr(mdctx)
1347 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, pkey,
1352 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1353 * able to obtain the digest's settable parameters from the provider.
1355 params = EVP_MD_CTX_settable_params(mdctx);
1356 if (!TEST_ptr(params)
1357 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1358 /* The final key should be NULL */
1359 || !TEST_ptr_null(params[1].key))
1363 memset(ssl3ms, 0, sizeof(ssl3ms));
1364 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1365 ssl3ms, sizeof(ssl3ms));
1366 *param++ = OSSL_PARAM_construct_end();
1368 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1374 EVP_MD_CTX_free(mdctx);
1375 EVP_PKEY_CTX_free(ctx);
1380 #ifndef OPENSSL_NO_DSA
1381 static int test_DSA_get_set_params(void)
1384 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1385 EVP_PKEY *pkey = NULL;
1389 * Setup the parameters for our DSA object. For our purposes they don't
1390 * have to actually be *valid* parameters. We just need to set something.
1403 || !DSA_set0_pqg(dsa, p, q, g)
1404 || !DSA_set0_key(dsa, pub, priv))
1406 p = q = g = pub = priv = NULL;
1408 pkey = EVP_PKEY_new();
1410 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1415 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1418 EVP_PKEY_free(pkey);
1430 static int test_RSA_get_set_params(void)
1433 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1434 EVP_PKEY *pkey = NULL;
1438 * Setup the parameters for our RSA object. For our purposes they don't
1439 * have to actually be *valid* parameters. We just need to set something.
1449 || !RSA_set0_key(rsa, n, e, d))
1453 pkey = EVP_PKEY_new();
1455 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1460 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1463 EVP_PKEY_free(pkey);
1472 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1473 static int test_decrypt_null_chunks(void)
1475 EVP_CIPHER_CTX* ctx = NULL;
1476 const unsigned char key[32] = {
1477 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1478 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1479 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1481 unsigned char iv[12] = {
1482 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1484 unsigned char msg[] = "It was the best of times, it was the worst of times";
1485 unsigned char ciphertext[80];
1486 unsigned char plaintext[80];
1487 /* We initialise tmp to a non zero value on purpose */
1488 int ctlen, ptlen, tmp = 99;
1490 const int enc_offset = 10, dec_offset = 20;
1492 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1493 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1495 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1497 /* Deliberate add a zero length update */
1498 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1500 || !TEST_int_eq(tmp, 0)
1501 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1503 sizeof(msg) - enc_offset))
1504 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1505 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1506 || !TEST_int_eq(tmp, 0))
1509 /* Deliberately initialise tmp to a non zero value */
1511 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1513 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1516 * Deliberately add a zero length update. We also deliberately do
1517 * this at a different offset than for encryption.
1519 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1521 || !TEST_int_eq(tmp, 0)
1522 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1523 ciphertext + dec_offset,
1524 ctlen - dec_offset))
1525 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1526 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1527 || !TEST_int_eq(tmp, 0)
1528 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1533 EVP_CIPHER_CTX_free(ctx);
1536 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1538 #ifndef OPENSSL_NO_DH
1539 static int test_EVP_PKEY_set1_DH(void)
1541 DH *x942dh = NULL, *noqdh = NULL;
1542 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1544 BIGNUM *p, *g = NULL;
1546 if (!TEST_ptr(p = BN_new())
1547 || !TEST_ptr(g = BN_new())
1548 || !BN_set_word(p, 9999)
1549 || !BN_set_word(g, 2)
1550 || !TEST_ptr(noqdh = DH_new())
1551 || !DH_set0_pqg(noqdh, p, NULL, g))
1555 x942dh = DH_get_2048_256();
1556 pkey1 = EVP_PKEY_new();
1557 pkey2 = EVP_PKEY_new();
1558 if (!TEST_ptr(x942dh)
1561 || !TEST_ptr(pkey2))
1564 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1565 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1568 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1569 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1576 EVP_PKEY_free(pkey1);
1577 EVP_PKEY_free(pkey2);
1586 * We test what happens with an empty template. For the sake of this test,
1587 * the template must be ignored, and we know that's the case for RSA keys
1588 * (this might arguably be a misfeature, but that's what we currently do,
1589 * even in provider code, since that's how the legacy RSA implementation
1592 static int test_keygen_with_empty_template(int n)
1594 EVP_PKEY_CTX *ctx = NULL;
1595 EVP_PKEY *pkey = NULL;
1596 EVP_PKEY *tkey = NULL;
1601 /* We do test with no template at all as well */
1602 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1606 /* Here we create an empty RSA key that serves as our template */
1607 if (!TEST_ptr(tkey = EVP_PKEY_new())
1608 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1609 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1614 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1615 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1620 EVP_PKEY_CTX_free(ctx);
1621 EVP_PKEY_free(pkey);
1622 EVP_PKEY_free(tkey);
1626 int setup_tests(void)
1628 testctx = OPENSSL_CTX_new();
1630 if (!TEST_ptr(testctx))
1633 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
1634 ADD_TEST(test_EVP_DigestVerifyInit);
1635 ADD_TEST(test_EVP_Enveloped);
1636 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1637 #ifndef OPENSSL_NO_EC
1638 ADD_TEST(test_EVP_PKCS82PKEY);
1640 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1641 ADD_TEST(test_EVP_SM2);
1642 ADD_TEST(test_EVP_SM2_verify);
1644 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1645 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1646 if (!TEST_ptr(custom_pmeth))
1648 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1649 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1650 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1651 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1653 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1654 ADD_TEST(test_CMAC_keygen);
1655 ADD_TEST(test_HKDF);
1656 #ifndef OPENSSL_NO_EC
1657 ADD_TEST(test_X509_PUBKEY_inplace);
1658 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1659 OSSL_NELEM(ec_der_pub_keys));
1661 #ifndef OPENSSL_NO_DSA
1662 ADD_TEST(test_DSA_get_set_params);
1664 ADD_TEST(test_RSA_get_set_params);
1665 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1666 ADD_TEST(test_decrypt_null_chunks);
1668 #ifndef OPENSSL_NO_DH
1669 ADD_TEST(test_EVP_PKEY_set1_DH);
1671 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
1676 void cleanup_tests(void)
1678 OPENSSL_CTX_free(testctx);