2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/crypto.h>
15 #include <openssl/err.h>
16 #include <openssl/evp.h>
17 #include <openssl/rsa.h>
18 #include <openssl/x509.h>
19 #include <openssl/pem.h>
20 #include <openssl/kdf.h>
22 #include "internal/nelem.h"
23 #include "internal/evp_int.h"
26 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
27 * should never use this key anywhere but in an example.
29 static const unsigned char kExampleRSAKeyDER[] = {
30 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
31 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
32 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
33 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
34 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
35 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
36 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
37 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
38 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
39 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
40 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
41 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
42 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
43 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
44 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
45 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
46 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
47 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
48 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
49 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
50 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
51 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
52 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
53 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
54 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
55 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
56 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
57 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
58 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
59 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
60 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
61 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
62 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
63 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
64 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
65 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
66 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
67 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
68 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
69 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
70 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
71 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
72 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
73 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
74 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
75 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
76 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
77 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
78 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
79 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
80 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
84 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
85 * components are not correct.
87 static const unsigned char kExampleBadRSAKeyDER[] = {
88 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
89 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
90 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
91 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
92 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
93 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
94 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
95 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
96 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
97 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
98 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
99 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
100 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
101 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
102 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
103 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
104 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
105 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
106 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
107 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
108 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
109 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
110 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
111 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
112 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
113 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
114 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
115 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
116 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
117 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
118 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
119 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
120 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
121 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
122 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
123 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
124 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
125 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
126 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
127 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
128 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
129 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
130 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
131 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
132 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
133 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
134 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
135 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
136 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
137 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
138 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
139 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
140 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
141 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
142 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
143 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
144 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
145 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
146 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
147 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
148 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
149 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
150 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
151 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
152 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
153 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
154 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
155 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
156 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
157 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
158 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
159 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
160 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
161 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
162 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
163 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
164 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
165 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
166 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
167 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
168 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
169 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
170 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
171 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
172 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
173 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
174 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
175 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
176 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
179 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
181 static const unsigned char kSignature[] = {
182 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
183 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
184 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
185 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
186 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
187 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
188 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
189 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
190 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
191 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
192 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
196 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
199 static const unsigned char kExampleRSAKeyPKCS8[] = {
200 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
201 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
202 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
203 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
204 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
205 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
206 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
207 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
208 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
209 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
210 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
211 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
212 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
213 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
214 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
215 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
216 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
217 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
218 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
219 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
220 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
221 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
222 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
223 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
224 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
225 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
226 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
227 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
228 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
229 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
230 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
231 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
232 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
233 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
234 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
235 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
236 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
237 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
238 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
239 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
240 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
241 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
242 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
243 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
244 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
245 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
246 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
247 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
248 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
249 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
250 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
251 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
252 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
255 #ifndef OPENSSL_NO_EC
257 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
260 static const unsigned char kExampleECKeyDER[] = {
261 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
262 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
263 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
264 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
265 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
266 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
267 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
268 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
269 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
270 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
275 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
276 * structure. The private key is equal to the order and will fail to import
278 static const unsigned char kExampleBadECKeyDER[] = {
279 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
280 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
281 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
282 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
283 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
284 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
285 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
286 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
287 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
291 static const unsigned char kExampleECPubKeyDER[] = {
292 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
293 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
294 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
295 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
296 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
297 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
298 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
299 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
302 static const unsigned char pExampleECParamDER[] = {
303 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
307 typedef struct APK_DATA_st {
308 const unsigned char *kder;
314 int type; /* 0 for private, 1 for public, 2 for params */
317 static APK_DATA keydata[] = {
318 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
319 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
320 #ifndef OPENSSL_NO_EC
321 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
325 static APK_DATA keycheckdata[] = {
326 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
327 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
329 #ifndef OPENSSL_NO_EC
330 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
331 /* group is also associated in our pub key */
332 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
333 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
337 static EVP_PKEY *load_example_rsa_key(void)
339 EVP_PKEY *ret = NULL;
340 const unsigned char *derp = kExampleRSAKeyDER;
341 EVP_PKEY *pkey = NULL;
344 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
347 if (!TEST_ptr(pkey = EVP_PKEY_new())
348 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
361 static int test_EVP_Enveloped(void)
364 EVP_CIPHER_CTX *ctx = NULL;
365 EVP_PKEY *keypair = NULL;
366 unsigned char *kek = NULL;
367 unsigned char iv[EVP_MAX_IV_LENGTH];
368 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
369 int len, kek_len, ciphertext_len, plaintext_len;
370 unsigned char ciphertext[32], plaintext[16];
371 const EVP_CIPHER *type = EVP_aes_256_cbc();
373 if (!TEST_ptr(keypair = load_example_rsa_key())
374 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
375 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
376 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
378 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
380 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
384 ciphertext_len += len;
386 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
387 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
388 ciphertext, ciphertext_len))
389 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
392 plaintext_len += len;
393 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
399 EVP_PKEY_free(keypair);
400 EVP_CIPHER_CTX_free(ctx);
405 static int test_EVP_DigestSignInit(void)
408 EVP_PKEY *pkey = NULL;
409 unsigned char *sig = NULL;
411 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;
413 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
414 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())
415 || !TEST_ptr(pkey = load_example_rsa_key()))
418 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
419 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
422 /* Determine the size of the signature. */
423 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
424 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
427 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
428 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
431 /* Ensure that the signature round-trips. */
432 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
434 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,
436 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
442 EVP_MD_CTX_free(md_ctx);
443 EVP_MD_CTX_free(md_ctx_verify);
450 static int test_EVP_DigestVerifyInit(void)
453 EVP_PKEY *pkey = NULL;
454 EVP_MD_CTX *md_ctx = NULL;
456 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
457 || !TEST_ptr(pkey = load_example_rsa_key()))
460 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
461 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
462 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
463 sizeof(kSignature))))
468 EVP_MD_CTX_free(md_ctx);
473 static int test_d2i_AutoPrivateKey(int i)
476 const unsigned char *p;
477 EVP_PKEY *pkey = NULL;
478 const APK_DATA *ak = &keydata[i];
479 const unsigned char *input = ak->kder;
480 size_t input_len = ak->size;
481 int expected_id = ak->evptype;
484 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
485 || !TEST_ptr_eq(p, input + input_len)
486 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
496 #ifndef OPENSSL_NO_EC
497 /* Tests loading a bad key in PKCS8 format */
498 static int test_EVP_PKCS82PKEY(void)
501 const unsigned char *derp = kExampleBadECKeyDER;
502 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
503 EVP_PKEY *pkey = NULL;
505 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
506 sizeof(kExampleBadECKeyDER))))
509 if (!TEST_ptr_eq(derp,
510 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
513 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
519 PKCS8_PRIV_KEY_INFO_free(p8inf);
526 #ifndef OPENSSL_NO_SM2
528 static int test_EVP_SM2_verify(void)
530 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
532 "-----BEGIN PUBLIC KEY-----\n"
533 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
534 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
535 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
536 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
537 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
538 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
539 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
540 "-----END PUBLIC KEY-----\n";
542 const char *msg = "message digest";
543 const char *id = "ALICE123@YAHOO.COM";
545 const uint8_t signature[] = {
546 0x30, 0x44, 0x02, 0x20,
548 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
549 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
550 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
554 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
555 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
556 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
561 EVP_PKEY *pkey = NULL;
562 EVP_MD_CTX *mctx = NULL;
563 EVP_PKEY_CTX *pctx = NULL;
565 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
566 if (!TEST_true(bio != NULL))
569 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
570 if (!TEST_true(pkey != NULL))
573 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
576 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
579 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
582 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
586 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
588 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
591 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
594 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
601 EVP_PKEY_CTX_free(pctx);
602 EVP_MD_CTX_free(mctx);
606 static int test_EVP_SM2(void)
609 EVP_PKEY *pkey = NULL;
610 EVP_PKEY *params = NULL;
611 EVP_PKEY_CTX *pctx = NULL;
612 EVP_PKEY_CTX *kctx = NULL;
613 EVP_PKEY_CTX *sctx = NULL;
615 unsigned char *sig = NULL;
616 EVP_MD_CTX *md_ctx = NULL;
617 EVP_MD_CTX *md_ctx_verify = NULL;
618 EVP_PKEY_CTX *cctx = NULL;
620 uint8_t ciphertext[128];
621 size_t ctext_len = sizeof(ciphertext);
623 uint8_t plaintext[8];
624 size_t ptext_len = sizeof(plaintext);
626 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
628 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
632 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
635 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
638 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
641 kctx = EVP_PKEY_CTX_new(params, NULL);
645 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
648 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
651 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
654 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
657 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
660 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
663 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
664 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
666 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
669 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
672 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
675 /* Determine the size of the signature. */
676 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
679 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
682 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
685 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
688 /* Ensure that the signature round-trips. */
690 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
693 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
696 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
699 /* now check encryption/decryption */
701 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
704 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
707 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
710 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
713 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
716 if (!TEST_true(ptext_len == sizeof(kMsg)))
719 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
724 EVP_PKEY_CTX_free(pctx);
725 EVP_PKEY_CTX_free(kctx);
726 EVP_PKEY_CTX_free(sctx);
727 EVP_PKEY_CTX_free(cctx);
729 EVP_PKEY_free(params);
730 EVP_MD_CTX_free(md_ctx);
731 EVP_MD_CTX_free(md_ctx_verify);
738 static struct keys_st {
744 EVP_PKEY_HMAC, "0123456789", NULL
746 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
748 EVP_PKEY_SIPHASH, "0123456789012345", NULL
750 #ifndef OPENSSL_NO_EC
752 EVP_PKEY_X25519, "01234567890123456789012345678901",
753 "abcdefghijklmnopqrstuvwxyzabcdef"
755 EVP_PKEY_ED25519, "01234567890123456789012345678901",
756 "abcdefghijklmnopqrstuvwxyzabcdef"
759 "01234567890123456789012345678901234567890123456789012345",
760 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
763 "012345678901234567890123456789012345678901234567890123456",
764 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
769 static int test_set_get_raw_keys_int(int tst, int pub)
772 unsigned char buf[80];
774 size_t inlen, len = 0;
777 /* Check if this algorithm supports public keys */
778 if (keys[tst].pub == NULL)
781 memset(buf, 0, sizeof(buf));
784 inlen = strlen(keys[tst].pub);
785 in = (unsigned char *)keys[tst].pub;
786 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
791 inlen = strlen(keys[tst].priv);
792 in = (unsigned char *)keys[tst].priv;
793 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
800 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
801 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
802 || !TEST_true(len == inlen)
803 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
804 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
805 || !TEST_mem_eq(in, inlen, buf, len))
814 static int test_set_get_raw_keys(int tst)
816 return test_set_get_raw_keys_int(tst, 0)
817 && test_set_get_raw_keys_int(tst, 1);
820 static int pkey_custom_check(EVP_PKEY *pkey)
825 static int pkey_custom_pub_check(EVP_PKEY *pkey)
830 static int pkey_custom_param_check(EVP_PKEY *pkey)
835 static EVP_PKEY_METHOD *custom_pmeth;
837 static int test_EVP_PKEY_check(int i)
840 const unsigned char *p;
841 EVP_PKEY *pkey = NULL;
842 #ifndef OPENSSL_NO_EC
843 EC_KEY *eckey = NULL;
845 EVP_PKEY_CTX *ctx = NULL;
846 EVP_PKEY_CTX *ctx2 = NULL;
847 const APK_DATA *ak = &keycheckdata[i];
848 const unsigned char *input = ak->kder;
849 size_t input_len = ak->size;
850 int expected_id = ak->evptype;
851 int expected_check = ak->check;
852 int expected_pub_check = ak->pub_check;
853 int expected_param_check = ak->param_check;
861 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
862 || !TEST_ptr_eq(p, input + input_len)
863 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
866 #ifndef OPENSSL_NO_EC
868 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
869 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
870 || !TEST_ptr(pkey = EVP_PKEY_new())
871 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
875 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
876 || !TEST_ptr_eq(p, input + input_len)
877 || !TEST_ptr(pkey = EVP_PKEY_new())
878 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
886 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
889 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
892 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
895 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
898 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
899 /* assign the pkey directly, as an internal test */
900 EVP_PKEY_up_ref(pkey);
903 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
906 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
909 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
915 EVP_PKEY_CTX_free(ctx);
916 EVP_PKEY_CTX_free(ctx2);
922 static int test_HKDF(void)
925 unsigned char out[20];
928 unsigned char salt[] = "0123456789";
929 unsigned char key[] = "012345678901234567890123456789";
930 unsigned char info[] = "infostring";
931 const unsigned char expected[] = {
932 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
933 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
935 size_t expectedlen = sizeof(expected);
937 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
940 /* We do this twice to test reuse of the EVP_PKEY_CTX */
941 for (i = 0; i < 2; i++) {
942 outlen = sizeof(out);
943 memset(out, 0, outlen);
945 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
946 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
947 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
948 sizeof(salt) - 1), 0)
949 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
951 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
952 sizeof(info) - 1), 0)
953 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
954 || !TEST_mem_eq(out, outlen, expected, expectedlen))
961 EVP_PKEY_CTX_free(pctx);
966 int setup_tests(void)
968 ADD_TEST(test_EVP_DigestSignInit);
969 ADD_TEST(test_EVP_DigestVerifyInit);
970 ADD_TEST(test_EVP_Enveloped);
971 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
972 #ifndef OPENSSL_NO_EC
973 ADD_TEST(test_EVP_PKCS82PKEY);
975 #ifndef OPENSSL_NO_SM2
976 ADD_TEST(test_EVP_SM2);
977 ADD_TEST(test_EVP_SM2_verify);
979 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
980 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
981 if (!TEST_ptr(custom_pmeth))
983 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
984 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
985 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
986 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
988 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));