2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/conf.h>
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/x509.h>
20 #include <openssl/pem.h>
21 #include <openssl/kdf.h>
22 #include <openssl/provider.h>
23 #include <openssl/core_names.h>
24 #include <openssl/dsa.h>
26 #include "internal/nelem.h"
27 #include "crypto/evp.h"
30 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
31 * should never use this key anywhere but in an example.
33 static const unsigned char kExampleRSAKeyDER[] = {
34 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
35 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
36 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
37 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
38 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
39 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
40 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
41 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
42 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
43 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
44 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
45 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
46 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
47 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
48 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
49 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
50 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
51 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
52 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
53 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
54 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
55 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
56 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
57 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
58 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
59 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
60 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
61 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
62 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
63 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
64 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
65 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
66 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
67 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
68 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
69 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
70 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
71 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
72 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
73 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
74 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
75 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
76 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
77 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
78 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
79 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
80 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
81 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
82 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
83 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
84 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
88 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
89 * should never use this key anywhere but in an example.
91 #ifndef OPENSSL_NO_DSA
92 static const unsigned char kExampleDSAKeyDER[] = {
93 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
94 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
95 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
96 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
97 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
98 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
99 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
100 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
101 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
102 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
103 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
104 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
105 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
106 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
107 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
108 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
109 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
110 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
111 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
112 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
113 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
114 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
115 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
116 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
117 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
118 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
119 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
120 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
121 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
122 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
123 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
124 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
125 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
126 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
127 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
128 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
129 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
135 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
136 * components are not correct.
138 static const unsigned char kExampleBadRSAKeyDER[] = {
139 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
140 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
141 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
142 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
143 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
144 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
145 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
146 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
147 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
148 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
149 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
150 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
151 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
152 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
153 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
154 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
155 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
156 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
157 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
158 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
159 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
160 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
161 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
162 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
163 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
164 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
165 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
166 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
167 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
168 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
169 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
170 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
171 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
172 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
173 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
174 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
175 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
176 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
177 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
178 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
179 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
180 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
181 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
182 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
183 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
184 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
185 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
186 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
187 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
188 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
189 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
190 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
191 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
192 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
193 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
194 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
195 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
196 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
197 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
198 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
199 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
200 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
201 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
202 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
203 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
204 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
205 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
206 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
207 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
208 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
209 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
210 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
211 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
212 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
213 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
214 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
215 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
216 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
217 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
218 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
219 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
220 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
221 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
222 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
223 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
224 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
225 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
226 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
227 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
230 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
232 static const unsigned char kSignature[] = {
233 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
234 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
235 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
236 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
237 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
238 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
239 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
240 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
241 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
242 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
243 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
247 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
250 static const unsigned char kExampleRSAKeyPKCS8[] = {
251 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
252 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
253 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
254 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
255 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
256 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
257 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
258 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
259 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
260 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
261 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
262 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
263 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
264 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
265 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
266 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
267 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
268 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
269 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
270 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
271 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
272 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
273 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
274 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
275 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
276 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
277 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
278 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
279 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
280 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
281 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
282 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
283 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
284 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
285 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
286 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
287 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
288 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
289 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
290 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
291 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
292 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
293 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
294 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
295 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
296 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
297 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
298 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
299 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
300 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
301 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
302 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
303 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
306 #ifndef OPENSSL_NO_EC
308 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
311 static const unsigned char kExampleECKeyDER[] = {
312 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
313 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
314 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
315 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
316 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
317 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
318 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
319 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
320 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
321 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
326 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
327 * structure. The private key is equal to the order and will fail to import
329 static const unsigned char kExampleBadECKeyDER[] = {
330 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
331 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
332 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
333 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
334 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
335 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
336 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
337 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
338 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
342 static const unsigned char kExampleECPubKeyDER[] = {
343 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
344 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
345 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
346 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
347 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
348 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
349 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
350 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
354 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
355 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
357 static const unsigned char kExampleBadECPubKeyDER[] = {
358 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
359 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
360 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
361 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
362 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
363 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
364 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
365 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
368 static const unsigned char pExampleECParamDER[] = {
369 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
373 typedef struct APK_DATA_st {
374 const unsigned char *kder;
380 int type; /* 0 for private, 1 for public, 2 for params */
383 static APK_DATA keydata[] = {
384 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
385 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
386 #ifndef OPENSSL_NO_EC
387 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
391 static APK_DATA keycheckdata[] = {
392 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
393 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
395 #ifndef OPENSSL_NO_EC
396 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
397 /* group is also associated in our pub key */
398 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
399 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
403 static EVP_PKEY *load_example_rsa_key(void)
405 EVP_PKEY *ret = NULL;
406 const unsigned char *derp = kExampleRSAKeyDER;
407 EVP_PKEY *pkey = NULL;
410 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
413 if (!TEST_ptr(pkey = EVP_PKEY_new())
414 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
427 #ifndef OPENSSL_NO_DSA
428 static EVP_PKEY *load_example_dsa_key(void)
430 EVP_PKEY *ret = NULL;
431 const unsigned char *derp = kExampleDSAKeyDER;
432 EVP_PKEY *pkey = NULL;
435 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
438 if (!TEST_ptr(pkey = EVP_PKEY_new())
439 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
453 static int test_EVP_Enveloped(void)
456 EVP_CIPHER_CTX *ctx = NULL;
457 EVP_PKEY *keypair = NULL;
458 unsigned char *kek = NULL;
459 unsigned char iv[EVP_MAX_IV_LENGTH];
460 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
461 int len, kek_len, ciphertext_len, plaintext_len;
462 unsigned char ciphertext[32], plaintext[16];
463 const EVP_CIPHER *type = EVP_aes_256_cbc();
465 if (!TEST_ptr(keypair = load_example_rsa_key())
466 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
467 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
468 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
470 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
472 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
476 ciphertext_len += len;
478 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
479 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
480 ciphertext, ciphertext_len))
481 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
484 plaintext_len += len;
485 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
491 EVP_PKEY_free(keypair);
492 EVP_CIPHER_CTX_free(ctx);
497 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (RSA)
498 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (DSA)
499 * Test 2: Use an MD BIO to do the Update calls instead (RSA)
500 * Test 3: Use an MD BIO to do the Update calls instead (DSA)
502 static int test_EVP_DigestSignInit(int tst)
505 EVP_PKEY *pkey = NULL;
506 unsigned char *sig = NULL;
508 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
509 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
510 BIO *mdbio = NULL, *membio = NULL;
514 membio = BIO_new(BIO_s_mem());
515 mdbio = BIO_new(BIO_f_md());
516 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
518 BIO_push(mdbio, membio);
519 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
522 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
523 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
527 if (tst == 0 || tst == 2) {
528 if (!TEST_ptr(pkey = load_example_rsa_key()))
531 #ifndef OPENSSL_NO_DSA
532 if (!TEST_ptr(pkey = load_example_dsa_key()))
540 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)))
544 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
547 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
551 /* Determine the size of the signature. */
552 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
553 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
556 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
557 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
561 if (!TEST_int_gt(BIO_reset(mdbio), 0)
562 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
566 /* Ensure that the signature round-trips. */
567 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
572 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
575 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
579 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
587 EVP_MD_CTX_free(a_md_ctx);
588 EVP_MD_CTX_free(a_md_ctx_verify);
595 static int test_EVP_DigestVerifyInit(void)
598 EVP_PKEY *pkey = NULL;
599 EVP_MD_CTX *md_ctx = NULL;
601 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
602 || !TEST_ptr(pkey = load_example_rsa_key()))
605 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
606 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
607 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
608 sizeof(kSignature))))
613 EVP_MD_CTX_free(md_ctx);
618 static int test_d2i_AutoPrivateKey(int i)
621 const unsigned char *p;
622 EVP_PKEY *pkey = NULL;
623 const APK_DATA *ak = &keydata[i];
624 const unsigned char *input = ak->kder;
625 size_t input_len = ak->size;
626 int expected_id = ak->evptype;
629 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
630 || !TEST_ptr_eq(p, input + input_len)
631 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
641 #ifndef OPENSSL_NO_EC
643 static const unsigned char ec_public_sect163k1_validxy[] = {
644 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
645 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
646 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
647 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
648 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
649 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
652 static const unsigned char ec_public_sect163k1_badx[] = {
653 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
654 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
655 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
656 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
657 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
658 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
661 static const unsigned char ec_public_sect163k1_bady[] = {
662 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
663 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
664 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
665 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
666 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
667 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
670 static struct ec_der_pub_keys_st {
671 const unsigned char *der;
674 } ec_der_pub_keys[] = {
675 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
676 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
677 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
681 * Tests the range of the decoded EC char2 public point.
682 * See ec_GF2m_simple_oct2point().
684 static int test_invalide_ec_char2_pub_range_decode(int id)
688 EC_KEY *eckey = NULL;
690 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
691 ec_der_pub_keys[id].len)))
693 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
694 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
695 || TEST_ptr_null(eckey);
702 /* Tests loading a bad key in PKCS8 format */
703 static int test_EVP_PKCS82PKEY(void)
706 const unsigned char *derp = kExampleBadECKeyDER;
707 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
708 EVP_PKEY *pkey = NULL;
710 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
711 sizeof(kExampleBadECKeyDER))))
714 if (!TEST_ptr_eq(derp,
715 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
718 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
724 PKCS8_PRIV_KEY_INFO_free(p8inf);
731 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
733 static int test_EVP_SM2_verify(void)
735 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
737 "-----BEGIN PUBLIC KEY-----\n"
738 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
739 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
740 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
741 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
742 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
743 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
744 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
745 "-----END PUBLIC KEY-----\n";
747 const char *msg = "message digest";
748 const char *id = "ALICE123@YAHOO.COM";
750 const uint8_t signature[] = {
751 0x30, 0x44, 0x02, 0x20,
753 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
754 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
755 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
759 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
760 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
761 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
766 EVP_PKEY *pkey = NULL;
767 EVP_MD_CTX *mctx = NULL;
768 EVP_PKEY_CTX *pctx = NULL;
770 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
771 if (!TEST_true(bio != NULL))
774 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
775 if (!TEST_true(pkey != NULL))
778 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
781 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
784 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
787 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
791 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
793 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
796 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
799 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
806 EVP_PKEY_CTX_free(pctx);
807 EVP_MD_CTX_free(mctx);
811 static int test_EVP_SM2(void)
814 EVP_PKEY *pkey = NULL;
815 EVP_PKEY *params = NULL;
816 EVP_PKEY_CTX *pctx = NULL;
817 EVP_PKEY_CTX *kctx = NULL;
818 EVP_PKEY_CTX *sctx = NULL;
820 unsigned char *sig = NULL;
821 EVP_MD_CTX *md_ctx = NULL;
822 EVP_MD_CTX *md_ctx_verify = NULL;
823 EVP_PKEY_CTX *cctx = NULL;
825 uint8_t ciphertext[128];
826 size_t ctext_len = sizeof(ciphertext);
828 uint8_t plaintext[8];
829 size_t ptext_len = sizeof(plaintext);
831 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
833 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
837 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
840 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
843 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
846 kctx = EVP_PKEY_CTX_new(params, NULL);
850 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
853 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
856 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
859 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
862 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
865 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
868 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
869 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
871 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
874 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
877 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
880 /* Determine the size of the signature. */
881 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
884 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
887 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
890 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
893 /* Ensure that the signature round-trips. */
895 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
898 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
901 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
904 /* now check encryption/decryption */
906 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
909 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
912 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
915 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
918 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
921 if (!TEST_true(ptext_len == sizeof(kMsg)))
924 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
929 EVP_PKEY_CTX_free(pctx);
930 EVP_PKEY_CTX_free(kctx);
931 EVP_PKEY_CTX_free(sctx);
932 EVP_PKEY_CTX_free(cctx);
934 EVP_PKEY_free(params);
935 EVP_MD_CTX_free(md_ctx);
936 EVP_MD_CTX_free(md_ctx_verify);
943 static struct keys_st {
949 EVP_PKEY_HMAC, "0123456789", NULL
951 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
953 EVP_PKEY_SIPHASH, "0123456789012345", NULL
955 #ifndef OPENSSL_NO_EC
957 EVP_PKEY_X25519, "01234567890123456789012345678901",
958 "abcdefghijklmnopqrstuvwxyzabcdef"
960 EVP_PKEY_ED25519, "01234567890123456789012345678901",
961 "abcdefghijklmnopqrstuvwxyzabcdef"
964 "01234567890123456789012345678901234567890123456789012345",
965 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
968 "012345678901234567890123456789012345678901234567890123456",
969 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
974 static int test_set_get_raw_keys_int(int tst, int pub)
977 unsigned char buf[80];
979 size_t inlen, len = 0;
982 /* Check if this algorithm supports public keys */
983 if (keys[tst].pub == NULL)
986 memset(buf, 0, sizeof(buf));
989 inlen = strlen(keys[tst].pub);
990 in = (unsigned char *)keys[tst].pub;
991 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
996 inlen = strlen(keys[tst].priv);
997 in = (unsigned char *)keys[tst].priv;
998 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1005 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1006 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1007 || !TEST_true(len == inlen)
1008 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1009 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1010 || !TEST_mem_eq(in, inlen, buf, len))
1015 EVP_PKEY_free(pkey);
1019 static int test_set_get_raw_keys(int tst)
1021 return test_set_get_raw_keys_int(tst, 0)
1022 && test_set_get_raw_keys_int(tst, 1);
1025 static int pkey_custom_check(EVP_PKEY *pkey)
1030 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1035 static int pkey_custom_param_check(EVP_PKEY *pkey)
1040 static EVP_PKEY_METHOD *custom_pmeth;
1042 static int test_EVP_PKEY_check(int i)
1045 const unsigned char *p;
1046 EVP_PKEY *pkey = NULL;
1047 #ifndef OPENSSL_NO_EC
1048 EC_KEY *eckey = NULL;
1050 EVP_PKEY_CTX *ctx = NULL;
1051 EVP_PKEY_CTX *ctx2 = NULL;
1052 const APK_DATA *ak = &keycheckdata[i];
1053 const unsigned char *input = ak->kder;
1054 size_t input_len = ak->size;
1055 int expected_id = ak->evptype;
1056 int expected_check = ak->check;
1057 int expected_pub_check = ak->pub_check;
1058 int expected_param_check = ak->param_check;
1059 int type = ak->type;
1066 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1067 || !TEST_ptr_eq(p, input + input_len)
1068 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1071 #ifndef OPENSSL_NO_EC
1073 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1074 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1075 || !TEST_ptr(pkey = EVP_PKEY_new())
1076 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1080 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1081 || !TEST_ptr_eq(p, input + input_len)
1082 || !TEST_ptr(pkey = EVP_PKEY_new())
1083 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1091 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1094 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1097 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1100 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1103 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1104 /* assign the pkey directly, as an internal test */
1105 EVP_PKEY_up_ref(pkey);
1108 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1111 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1114 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1120 EVP_PKEY_CTX_free(ctx);
1121 EVP_PKEY_CTX_free(ctx2);
1122 EVP_PKEY_free(pkey);
1127 static int test_HKDF(void)
1130 unsigned char out[20];
1133 unsigned char salt[] = "0123456789";
1134 unsigned char key[] = "012345678901234567890123456789";
1135 unsigned char info[] = "infostring";
1136 const unsigned char expected[] = {
1137 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1138 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1140 size_t expectedlen = sizeof(expected);
1142 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1145 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1146 for (i = 0; i < 2; i++) {
1147 outlen = sizeof(out);
1148 memset(out, 0, outlen);
1150 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1151 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1152 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1153 sizeof(salt) - 1), 0)
1154 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1155 sizeof(key) - 1), 0)
1156 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1157 sizeof(info) - 1), 0)
1158 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1159 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1166 EVP_PKEY_CTX_free(pctx);
1171 #ifndef OPENSSL_NO_EC
1172 static int test_X509_PUBKEY_inplace(void)
1175 X509_PUBKEY *xp = NULL;
1176 const unsigned char *p = kExampleECPubKeyDER;
1177 size_t input_len = sizeof(kExampleECPubKeyDER);
1179 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1182 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1185 p = kExampleBadECPubKeyDER;
1186 input_len = sizeof(kExampleBadECPubKeyDER);
1188 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1191 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1197 X509_PUBKEY_free(xp);
1200 #endif /* OPENSSL_NO_EC */
1202 #ifndef OPENSSL_NO_DSA
1203 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1204 static int test_EVP_PKEY_CTX_get_set_params(void)
1206 EVP_MD_CTX *mdctx = NULL;
1207 EVP_PKEY_CTX *ctx = NULL;
1208 EVP_SIGNATURE *dsaimpl = NULL;
1209 const OSSL_PARAM *params;
1210 OSSL_PARAM ourparams[2], *param = ourparams;
1212 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1213 EVP_PKEY *pkey = NULL;
1216 size_t mdsize = SHA512_DIGEST_LENGTH;
1220 * Setup the parameters for our DSA object. For our purposes they don't
1221 * have to actually be *valid* parameters. We just need to set something.
1234 || !DSA_set0_pqg(dsa, p, q, g)
1235 || !DSA_set0_key(dsa, pub, priv))
1237 p = q = g = pub = priv = NULL;
1239 pkey = EVP_PKEY_new();
1241 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1246 /* Initialise a sign operation */
1247 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1249 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1253 * We should be able to query the parameters now. The default DSA
1254 * implementation supports exactly one parameter - so we expect to see that
1255 * returned and no more.
1257 params = EVP_PKEY_CTX_settable_params(ctx);
1258 if (!TEST_ptr(params)
1259 || !TEST_int_eq(strcmp(params[0].key,
1260 OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0)
1261 || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST),
1263 /* The final key should be NULL */
1264 || !TEST_ptr_null(params[2].key))
1267 /* Gettable params are the same as the settable ones */
1268 params = EVP_PKEY_CTX_gettable_params(ctx);
1269 if (!TEST_ptr(params)
1270 || !TEST_int_eq(strcmp(params[0].key,
1271 OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0)
1272 || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST),
1274 /* The final key should be NULL */
1275 || !TEST_ptr_null(params[2].key))
1279 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1280 * EVP_PKEY_CTX_get_params()
1282 *param++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
1284 *param++ = OSSL_PARAM_construct_end();
1286 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1290 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1291 || !TEST_size_t_eq(mdsize, SHA512_DIGEST_LENGTH))
1295 * Test the TEST_PKEY_CTX_set_signature_md() and
1296 * TEST_PKEY_CTX_get_signature_md() functions
1298 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1299 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1300 || !TEST_ptr_eq(md, EVP_sha256()))
1304 * Test getting MD parameters via an associated EVP_PKEY_CTX
1306 mdctx = EVP_MD_CTX_new();
1307 if (!TEST_ptr(mdctx)
1308 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, pkey)))
1312 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1313 * able to obtain the digest's settable parameters from the provider.
1315 params = EVP_MD_CTX_settable_params(mdctx);
1316 if (!TEST_ptr(params)
1317 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1318 /* The final key should be NULL */
1319 || !TEST_ptr_null(params[1].key))
1323 memset(ssl3ms, 0, sizeof(ssl3ms));
1324 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1325 ssl3ms, sizeof(ssl3ms));
1326 *param++ = OSSL_PARAM_construct_end();
1328 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1334 EVP_MD_CTX_free(mdctx);
1335 EVP_PKEY_CTX_free(ctx);
1336 EVP_SIGNATURE_free(dsaimpl);
1337 EVP_PKEY_free(pkey);
1349 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1350 static int test_decrypt_null_chunks(void)
1352 EVP_CIPHER_CTX* ctx = NULL;
1353 const unsigned char key[32] = {
1354 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1355 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1356 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1358 unsigned char iv[12] = {
1359 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1361 unsigned char msg[] = "It was the best of times, it was the worst of times";
1362 unsigned char ciphertext[80];
1363 unsigned char plaintext[80];
1364 /* We initialise tmp to a non zero value on purpose */
1365 int ctlen, ptlen, tmp = 99;
1367 const int enc_offset = 10, dec_offset = 20;
1369 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1370 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1372 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1374 /* Deliberate add a zero length update */
1375 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1377 || !TEST_int_eq(tmp, 0)
1378 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1380 sizeof(msg) - enc_offset))
1381 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1382 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1383 || !TEST_int_eq(tmp, 0))
1386 /* Deliberately initialise tmp to a non zero value */
1388 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1390 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1393 * Deliberately add a zero length update. We also deliberately do
1394 * this at a different offset than for encryption.
1396 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1398 || !TEST_int_eq(tmp, 0)
1399 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1400 ciphertext + dec_offset,
1401 ctlen - dec_offset))
1402 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1403 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1404 || !TEST_int_eq(tmp, 0)
1405 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1410 EVP_CIPHER_CTX_free(ctx);
1413 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1415 int setup_tests(void)
1417 ADD_ALL_TESTS(test_EVP_DigestSignInit, 4);
1418 ADD_TEST(test_EVP_DigestVerifyInit);
1419 ADD_TEST(test_EVP_Enveloped);
1420 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1421 #ifndef OPENSSL_NO_EC
1422 ADD_TEST(test_EVP_PKCS82PKEY);
1424 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE)
1425 ADD_TEST(test_EVP_SM2);
1426 ADD_TEST(test_EVP_SM2_verify);
1428 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1429 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1430 if (!TEST_ptr(custom_pmeth))
1432 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1433 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1434 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1435 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1437 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1438 ADD_TEST(test_HKDF);
1439 #ifndef OPENSSL_NO_EC
1440 ADD_TEST(test_X509_PUBKEY_inplace);
1441 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1442 OSSL_NELEM(ec_der_pub_keys));
1444 #ifndef OPENSSL_NO_DSA
1445 ADD_TEST(test_EVP_PKEY_CTX_get_set_params);
1447 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1448 ADD_TEST(test_decrypt_null_chunks);