2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/conf.h>
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/x509.h>
20 #include <openssl/pem.h>
21 #include <openssl/kdf.h>
22 #include <openssl/provider.h>
23 #include <openssl/core_names.h>
24 #include <openssl/params.h>
25 #include <openssl/dsa.h>
26 #include <openssl/dh.h>
28 #include "internal/nelem.h"
29 #include "internal/sizes.h"
30 #include "crypto/evp.h"
32 static OPENSSL_CTX *testctx = NULL;
35 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
36 * should never use this key anywhere but in an example.
38 static const unsigned char kExampleRSAKeyDER[] = {
39 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
40 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
41 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
42 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
43 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
44 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
45 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
46 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
47 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
48 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
49 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
50 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
51 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
52 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
53 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
54 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
55 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
56 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
57 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
58 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
59 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
60 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
61 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
62 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
63 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
64 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
65 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
66 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
67 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
68 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
69 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
70 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
71 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
72 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
73 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
74 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
75 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
76 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
77 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
78 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
79 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
80 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
81 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
82 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
83 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
84 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
85 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
86 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
87 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
88 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
89 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
93 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
94 * should never use this key anywhere but in an example.
96 #ifndef OPENSSL_NO_DSA
97 static const unsigned char kExampleDSAKeyDER[] = {
98 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
99 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
100 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
101 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
102 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
103 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
104 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
105 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
106 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
107 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
108 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
109 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
110 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
111 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
112 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
113 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
114 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
115 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
116 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
117 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
118 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
119 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
120 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
121 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
122 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
123 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
124 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
125 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
126 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
127 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
128 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
129 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
130 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
131 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
132 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
133 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
134 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
140 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
141 * components are not correct.
143 static const unsigned char kExampleBadRSAKeyDER[] = {
144 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
145 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
146 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
147 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
148 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
149 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
150 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
151 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
152 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
153 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
154 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
155 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
156 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
157 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
158 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
159 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
160 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
161 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
162 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
163 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
164 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
165 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
166 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
167 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
168 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
169 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
170 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
171 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
172 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
173 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
174 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
175 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
176 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
177 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
178 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
179 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
180 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
181 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
182 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
183 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
184 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
185 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
186 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
187 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
188 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
189 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
190 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
191 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
192 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
193 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
194 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
195 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
196 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
197 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
198 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
199 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
200 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
201 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
202 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
203 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
204 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
205 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
206 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
207 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
208 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
209 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
210 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
211 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
212 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
213 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
214 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
215 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
216 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
217 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
218 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
219 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
220 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
221 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
222 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
223 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
224 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
225 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
226 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
227 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
228 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
229 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
230 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
231 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
232 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
235 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
237 static const unsigned char kSignature[] = {
238 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
239 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
240 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
241 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
242 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
243 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
244 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
245 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
246 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
247 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
248 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
252 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
255 static const unsigned char kExampleRSAKeyPKCS8[] = {
256 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
257 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
258 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
259 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
260 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
261 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
262 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
263 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
264 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
265 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
266 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
267 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
268 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
269 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
270 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
271 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
272 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
273 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
274 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
275 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
276 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
277 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
278 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
279 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
280 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
281 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
282 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
283 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
284 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
285 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
286 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
287 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
288 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
289 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
290 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
291 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
292 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
293 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
294 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
295 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
296 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
297 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
298 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
299 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
300 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
301 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
302 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
303 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
304 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
305 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
306 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
307 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
308 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
311 #ifndef OPENSSL_NO_EC
313 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
316 static const unsigned char kExampleECKeyDER[] = {
317 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
318 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
319 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
320 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
321 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
322 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
323 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
324 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
325 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
326 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
331 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
332 * structure. The private key is equal to the order and will fail to import
334 static const unsigned char kExampleBadECKeyDER[] = {
335 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
336 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
337 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
338 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
339 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
340 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
341 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
342 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
343 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
347 static const unsigned char kExampleECPubKeyDER[] = {
348 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
349 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
350 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
351 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
352 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
353 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
354 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
355 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
359 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
360 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
362 static const unsigned char kExampleBadECPubKeyDER[] = {
363 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
364 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
365 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
366 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
367 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
368 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
369 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
370 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
373 static const unsigned char pExampleECParamDER[] = {
374 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
378 typedef struct APK_DATA_st {
379 const unsigned char *kder;
385 int type; /* 0 for private, 1 for public, 2 for params */
388 static APK_DATA keydata[] = {
389 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
390 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
391 #ifndef OPENSSL_NO_EC
392 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
396 static APK_DATA keycheckdata[] = {
397 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
398 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
400 #ifndef OPENSSL_NO_EC
401 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
402 /* group is also associated in our pub key */
403 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
404 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
408 static EVP_PKEY *load_example_rsa_key(void)
410 EVP_PKEY *ret = NULL;
411 const unsigned char *derp = kExampleRSAKeyDER;
412 EVP_PKEY *pkey = NULL;
415 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
418 if (!TEST_ptr(pkey = EVP_PKEY_new())
419 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
432 #ifndef OPENSSL_NO_DSA
433 static EVP_PKEY *load_example_dsa_key(void)
435 EVP_PKEY *ret = NULL;
436 const unsigned char *derp = kExampleDSAKeyDER;
437 EVP_PKEY *pkey = NULL;
440 if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
443 if (!TEST_ptr(pkey = EVP_PKEY_new())
444 || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
458 static EVP_PKEY *load_example_hmac_key(void)
460 EVP_PKEY *pkey = NULL;
461 unsigned char key[] = {
462 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
463 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
464 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
467 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
474 static int test_EVP_Enveloped(void)
477 EVP_CIPHER_CTX *ctx = NULL;
478 EVP_PKEY *keypair = NULL;
479 unsigned char *kek = NULL;
480 unsigned char iv[EVP_MAX_IV_LENGTH];
481 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
482 int len, kek_len, ciphertext_len, plaintext_len;
483 unsigned char ciphertext[32], plaintext[16];
484 const EVP_CIPHER *type = EVP_aes_256_cbc();
486 if (!TEST_ptr(keypair = load_example_rsa_key())
487 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
488 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
489 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
491 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
493 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
497 ciphertext_len += len;
499 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
500 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
501 ciphertext, ciphertext_len))
502 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
505 plaintext_len += len;
506 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
512 EVP_PKEY_free(keypair);
513 EVP_CIPHER_CTX_free(ctx);
518 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
519 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
520 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
521 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
522 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
523 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
524 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
525 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
526 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
528 static int test_EVP_DigestSignInit(int tst)
531 EVP_PKEY *pkey = NULL;
532 unsigned char *sig = NULL;
534 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
535 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
536 BIO *mdbio = NULL, *membio = NULL;
539 EVP_MD *mdexp = NULL;
542 membio = BIO_new(BIO_s_mem());
543 mdbio = BIO_new(BIO_f_md());
544 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
546 BIO_push(mdbio, membio);
547 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
550 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
551 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
555 if (tst == 0 || tst == 3 || tst == 6) {
556 if (!TEST_ptr(pkey = load_example_rsa_key()))
558 } else if (tst == 1 || tst == 4 || tst == 7) {
559 #ifndef OPENSSL_NO_DSA
560 if (!TEST_ptr(pkey = load_example_dsa_key()))
567 if (!TEST_ptr(pkey = load_example_hmac_key()))
571 if (tst >= 3 && tst <= 5)
572 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
576 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
580 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
583 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
587 /* Determine the size of the signature. */
588 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
589 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
590 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
594 if (!TEST_int_gt(BIO_reset(mdbio), 0)
595 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
600 * Ensure that the signature round-trips (Verification isn't supported for
601 * HMAC via EVP_DigestVerify*)
603 if (tst != 2 && tst != 5 && tst != 8) {
604 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
609 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
612 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
616 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
625 EVP_MD_CTX_free(a_md_ctx);
626 EVP_MD_CTX_free(a_md_ctx_verify);
634 static int test_EVP_DigestVerifyInit(void)
637 EVP_PKEY *pkey = NULL;
638 EVP_MD_CTX *md_ctx = NULL;
640 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
641 || !TEST_ptr(pkey = load_example_rsa_key()))
644 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
645 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
646 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
647 sizeof(kSignature))))
652 EVP_MD_CTX_free(md_ctx);
657 static int test_d2i_AutoPrivateKey(int i)
660 const unsigned char *p;
661 EVP_PKEY *pkey = NULL;
662 const APK_DATA *ak = &keydata[i];
663 const unsigned char *input = ak->kder;
664 size_t input_len = ak->size;
665 int expected_id = ak->evptype;
668 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
669 || !TEST_ptr_eq(p, input + input_len)
670 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
680 #ifndef OPENSSL_NO_EC
682 static const unsigned char ec_public_sect163k1_validxy[] = {
683 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
684 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
685 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
686 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
687 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
688 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
691 static const unsigned char ec_public_sect163k1_badx[] = {
692 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
693 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
694 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
695 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
696 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
697 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
700 static const unsigned char ec_public_sect163k1_bady[] = {
701 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
702 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
703 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
704 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
705 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
706 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
709 static struct ec_der_pub_keys_st {
710 const unsigned char *der;
713 } ec_der_pub_keys[] = {
714 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
715 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
716 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
720 * Tests the range of the decoded EC char2 public point.
721 * See ec_GF2m_simple_oct2point().
723 static int test_invalide_ec_char2_pub_range_decode(int id)
727 EC_KEY *eckey = NULL;
729 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
730 ec_der_pub_keys[id].len)))
732 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
733 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
734 || TEST_ptr_null(eckey);
741 /* Tests loading a bad key in PKCS8 format */
742 static int test_EVP_PKCS82PKEY(void)
745 const unsigned char *derp = kExampleBadECKeyDER;
746 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
747 EVP_PKEY *pkey = NULL;
749 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
750 sizeof(kExampleBadECKeyDER))))
753 if (!TEST_ptr_eq(derp,
754 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
757 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
763 PKCS8_PRIV_KEY_INFO_free(p8inf);
770 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
772 static int test_EVP_SM2_verify(void)
774 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
776 "-----BEGIN PUBLIC KEY-----\n"
777 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
778 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
779 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
780 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
781 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
782 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
783 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
784 "-----END PUBLIC KEY-----\n";
786 const char *msg = "message digest";
787 const char *id = "ALICE123@YAHOO.COM";
789 const uint8_t signature[] = {
790 0x30, 0x44, 0x02, 0x20,
792 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
793 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
794 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
798 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
799 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
800 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
805 EVP_PKEY *pkey = NULL;
806 EVP_MD_CTX *mctx = NULL;
807 EVP_PKEY_CTX *pctx = NULL;
809 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
810 if (!TEST_true(bio != NULL))
813 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
814 if (!TEST_true(pkey != NULL))
817 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
820 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
823 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
826 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
830 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
832 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
835 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
838 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
845 EVP_PKEY_CTX_free(pctx);
846 EVP_MD_CTX_free(mctx);
850 static int test_EVP_SM2(void)
853 EVP_PKEY *pkey = NULL;
854 EVP_PKEY *params = NULL;
855 EVP_PKEY_CTX *pctx = NULL;
856 EVP_PKEY_CTX *kctx = NULL;
857 EVP_PKEY_CTX *sctx = NULL;
859 unsigned char *sig = NULL;
860 EVP_MD_CTX *md_ctx = NULL;
861 EVP_MD_CTX *md_ctx_verify = NULL;
862 EVP_PKEY_CTX *cctx = NULL;
864 uint8_t ciphertext[128];
865 size_t ctext_len = sizeof(ciphertext);
867 uint8_t plaintext[8];
868 size_t ptext_len = sizeof(plaintext);
870 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
872 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
876 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
879 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
882 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
885 kctx = EVP_PKEY_CTX_new(params, NULL);
889 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
892 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
895 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
898 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
901 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
904 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
907 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
908 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
910 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
913 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
916 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
919 /* Determine the size of the signature. */
920 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
923 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
926 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
929 /* Ensure that the signature round-trips. */
931 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
934 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
937 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
940 /* now check encryption/decryption */
942 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
945 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
948 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
951 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
954 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
957 if (!TEST_true(ptext_len == sizeof(kMsg)))
960 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
965 EVP_PKEY_CTX_free(pctx);
966 EVP_PKEY_CTX_free(kctx);
967 EVP_PKEY_CTX_free(sctx);
968 EVP_PKEY_CTX_free(cctx);
970 EVP_PKEY_free(params);
971 EVP_MD_CTX_free(md_ctx);
972 EVP_MD_CTX_free(md_ctx_verify);
979 static struct keys_st {
985 EVP_PKEY_HMAC, "0123456789", NULL
987 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
989 EVP_PKEY_SIPHASH, "0123456789012345", NULL
991 #ifndef OPENSSL_NO_EC
993 EVP_PKEY_X25519, "01234567890123456789012345678901",
994 "abcdefghijklmnopqrstuvwxyzabcdef"
996 EVP_PKEY_ED25519, "01234567890123456789012345678901",
997 "abcdefghijklmnopqrstuvwxyzabcdef"
1000 "01234567890123456789012345678901234567890123456789012345",
1001 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1004 "012345678901234567890123456789012345678901234567890123456",
1005 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1010 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
1013 unsigned char buf[80];
1015 size_t inlen, len = 0;
1018 /* Check if this algorithm supports public keys */
1019 if (keys[tst].pub == NULL)
1022 memset(buf, 0, sizeof(buf));
1025 inlen = strlen(keys[tst].pub);
1026 in = (unsigned char *)keys[tst].pub;
1028 pkey = EVP_PKEY_new_raw_public_key_with_libctx(
1030 OBJ_nid2sn(keys[tst].type),
1035 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1041 inlen = strlen(keys[tst].priv);
1042 in = (unsigned char *)keys[tst].priv;
1044 pkey = EVP_PKEY_new_raw_private_key_with_libctx(
1045 testctx, OBJ_nid2sn(keys[tst].type),
1050 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1058 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1059 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1060 || !TEST_true(len == inlen)
1061 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1062 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1063 || !TEST_mem_eq(in, inlen, buf, len))
1068 EVP_PKEY_free(pkey);
1072 static int test_set_get_raw_keys(int tst)
1074 return test_set_get_raw_keys_int(tst, 0, 0)
1075 && test_set_get_raw_keys_int(tst, 0, 1)
1076 && test_set_get_raw_keys_int(tst, 1, 0)
1077 && test_set_get_raw_keys_int(tst, 1, 1);
1080 static int pkey_custom_check(EVP_PKEY *pkey)
1085 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1090 static int pkey_custom_param_check(EVP_PKEY *pkey)
1095 static EVP_PKEY_METHOD *custom_pmeth;
1097 static int test_EVP_PKEY_check(int i)
1100 const unsigned char *p;
1101 EVP_PKEY *pkey = NULL;
1102 #ifndef OPENSSL_NO_EC
1103 EC_KEY *eckey = NULL;
1105 EVP_PKEY_CTX *ctx = NULL;
1106 EVP_PKEY_CTX *ctx2 = NULL;
1107 const APK_DATA *ak = &keycheckdata[i];
1108 const unsigned char *input = ak->kder;
1109 size_t input_len = ak->size;
1110 int expected_id = ak->evptype;
1111 int expected_check = ak->check;
1112 int expected_pub_check = ak->pub_check;
1113 int expected_param_check = ak->param_check;
1114 int type = ak->type;
1121 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1122 || !TEST_ptr_eq(p, input + input_len)
1123 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1126 #ifndef OPENSSL_NO_EC
1128 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1129 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1130 || !TEST_ptr(pkey = EVP_PKEY_new())
1131 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1135 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1136 || !TEST_ptr_eq(p, input + input_len)
1137 || !TEST_ptr(pkey = EVP_PKEY_new())
1138 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1146 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1149 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1152 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1155 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1158 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1159 /* assign the pkey directly, as an internal test */
1160 EVP_PKEY_up_ref(pkey);
1163 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1166 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1169 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1175 EVP_PKEY_CTX_free(ctx);
1176 EVP_PKEY_CTX_free(ctx2);
1177 EVP_PKEY_free(pkey);
1182 #ifndef OPENSSL_NO_CMAC
1183 static int test_CMAC_keygen(void)
1186 * This is a legacy method for CMACs, but should still work.
1187 * This verifies that it works without an ENGINE.
1189 EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
1192 if (!TEST_true(EVP_PKEY_keygen_init(kctx) > 0)
1193 && !TEST_true(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
1194 EVP_PKEY_CTRL_CIPHER,
1195 0, (void *)EVP_aes_256_ecb()) > 0))
1200 EVP_PKEY_CTX_free(kctx);
1205 static int test_HKDF(void)
1208 unsigned char out[20];
1211 unsigned char salt[] = "0123456789";
1212 unsigned char key[] = "012345678901234567890123456789";
1213 unsigned char info[] = "infostring";
1214 const unsigned char expected[] = {
1215 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1216 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1218 size_t expectedlen = sizeof(expected);
1220 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1223 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1224 for (i = 0; i < 2; i++) {
1225 outlen = sizeof(out);
1226 memset(out, 0, outlen);
1228 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1229 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1230 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1231 sizeof(salt) - 1), 0)
1232 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1233 sizeof(key) - 1), 0)
1234 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1235 sizeof(info) - 1), 0)
1236 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1237 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1244 EVP_PKEY_CTX_free(pctx);
1249 static int test_emptyikm_HKDF(void)
1252 unsigned char out[20];
1255 unsigned char salt[] = "9876543210";
1256 unsigned char key[] = "";
1257 unsigned char info[] = "stringinfo";
1258 const unsigned char expected[] = {
1259 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1260 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1262 size_t expectedlen = sizeof(expected);
1264 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1267 outlen = sizeof(out);
1268 memset(out, 0, outlen);
1270 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1271 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1272 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1273 sizeof(salt) - 1), 0)
1274 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1275 sizeof(key) - 1), 0)
1276 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1277 sizeof(info) - 1), 0)
1278 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1279 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1285 EVP_PKEY_CTX_free(pctx);
1290 #ifndef OPENSSL_NO_EC
1291 static int test_X509_PUBKEY_inplace(void)
1294 X509_PUBKEY *xp = NULL;
1295 const unsigned char *p = kExampleECPubKeyDER;
1296 size_t input_len = sizeof(kExampleECPubKeyDER);
1298 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1301 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1304 p = kExampleBadECPubKeyDER;
1305 input_len = sizeof(kExampleBadECPubKeyDER);
1307 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1310 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1316 X509_PUBKEY_free(xp);
1319 #endif /* OPENSSL_NO_EC */
1321 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1322 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
1324 EVP_MD_CTX *mdctx = NULL;
1325 EVP_PKEY_CTX *ctx = NULL;
1326 const OSSL_PARAM *params;
1327 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
1330 char mdname[OSSL_MAX_NAME_SIZE];
1333 /* Initialise a sign operation */
1334 ctx = EVP_PKEY_CTX_new(pkey, NULL);
1336 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
1340 * We should be able to query the parameters now.
1342 params = EVP_PKEY_CTX_settable_params(ctx);
1343 if (!TEST_ptr(params)
1344 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1345 OSSL_SIGNATURE_PARAM_DIGEST)))
1348 params = EVP_PKEY_CTX_gettable_params(ctx);
1349 if (!TEST_ptr(params)
1350 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1351 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
1352 || !TEST_ptr(OSSL_PARAM_locate_const(params,
1353 OSSL_SIGNATURE_PARAM_DIGEST)))
1357 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1358 * EVP_PKEY_CTX_get_params()
1360 strcpy(mdname, "SHA512");
1362 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1364 *param++ = OSSL_PARAM_construct_end();
1366 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
1370 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
1371 mdname, sizeof(mdname));
1372 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
1373 || !TEST_str_eq(mdname, "SHA512"))
1377 * Test the TEST_PKEY_CTX_set_signature_md() and
1378 * TEST_PKEY_CTX_get_signature_md() functions
1380 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
1381 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
1382 || !TEST_ptr_eq(md, EVP_sha256()))
1386 * Test getting MD parameters via an associated EVP_PKEY_CTX
1388 mdctx = EVP_MD_CTX_new();
1389 if (!TEST_ptr(mdctx)
1390 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, pkey,
1395 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1396 * able to obtain the digest's settable parameters from the provider.
1398 params = EVP_MD_CTX_settable_params(mdctx);
1399 if (!TEST_ptr(params)
1400 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
1401 /* The final key should be NULL */
1402 || !TEST_ptr_null(params[1].key))
1406 memset(ssl3ms, 0, sizeof(ssl3ms));
1407 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
1408 ssl3ms, sizeof(ssl3ms));
1409 *param++ = OSSL_PARAM_construct_end();
1411 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
1417 EVP_MD_CTX_free(mdctx);
1418 EVP_PKEY_CTX_free(ctx);
1423 #ifndef OPENSSL_NO_DSA
1424 static int test_DSA_get_set_params(void)
1427 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
1428 EVP_PKEY *pkey = NULL;
1432 * Setup the parameters for our DSA object. For our purposes they don't
1433 * have to actually be *valid* parameters. We just need to set something.
1446 || !DSA_set0_pqg(dsa, p, q, g)
1447 || !DSA_set0_key(dsa, pub, priv))
1449 p = q = g = pub = priv = NULL;
1451 pkey = EVP_PKEY_new();
1453 || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
1458 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1461 EVP_PKEY_free(pkey);
1473 static int test_RSA_get_set_params(void)
1476 BIGNUM *n = NULL, *e = NULL, *d = NULL;
1477 EVP_PKEY *pkey = NULL;
1481 * Setup the parameters for our RSA object. For our purposes they don't
1482 * have to actually be *valid* parameters. We just need to set something.
1492 || !RSA_set0_key(rsa, n, e, d))
1496 pkey = EVP_PKEY_new();
1498 || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
1503 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
1506 EVP_PKEY_free(pkey);
1515 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1516 static int test_decrypt_null_chunks(void)
1518 EVP_CIPHER_CTX* ctx = NULL;
1519 const unsigned char key[32] = {
1520 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1521 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1522 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1524 unsigned char iv[12] = {
1525 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1527 unsigned char msg[] = "It was the best of times, it was the worst of times";
1528 unsigned char ciphertext[80];
1529 unsigned char plaintext[80];
1530 /* We initialise tmp to a non zero value on purpose */
1531 int ctlen, ptlen, tmp = 99;
1533 const int enc_offset = 10, dec_offset = 20;
1535 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1536 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1538 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1540 /* Deliberate add a zero length update */
1541 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1543 || !TEST_int_eq(tmp, 0)
1544 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1546 sizeof(msg) - enc_offset))
1547 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1548 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1549 || !TEST_int_eq(tmp, 0))
1552 /* Deliberately initialise tmp to a non zero value */
1554 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1556 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1559 * Deliberately add a zero length update. We also deliberately do
1560 * this at a different offset than for encryption.
1562 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1564 || !TEST_int_eq(tmp, 0)
1565 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1566 ciphertext + dec_offset,
1567 ctlen - dec_offset))
1568 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1569 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1570 || !TEST_int_eq(tmp, 0)
1571 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1576 EVP_CIPHER_CTX_free(ctx);
1579 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1581 #ifndef OPENSSL_NO_DH
1582 static int test_EVP_PKEY_set1_DH(void)
1584 DH *x942dh = NULL, *noqdh = NULL;
1585 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
1587 BIGNUM *p, *g = NULL;
1589 if (!TEST_ptr(p = BN_new())
1590 || !TEST_ptr(g = BN_new())
1591 || !BN_set_word(p, 9999)
1592 || !BN_set_word(g, 2)
1593 || !TEST_ptr(noqdh = DH_new())
1594 || !DH_set0_pqg(noqdh, p, NULL, g))
1598 x942dh = DH_get_2048_256();
1599 pkey1 = EVP_PKEY_new();
1600 pkey2 = EVP_PKEY_new();
1601 if (!TEST_ptr(x942dh)
1604 || !TEST_ptr(pkey2))
1607 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1608 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1611 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
1612 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1619 EVP_PKEY_free(pkey1);
1620 EVP_PKEY_free(pkey2);
1629 * We test what happens with an empty template. For the sake of this test,
1630 * the template must be ignored, and we know that's the case for RSA keys
1631 * (this might arguably be a misfeature, but that's what we currently do,
1632 * even in provider code, since that's how the legacy RSA implementation
1635 static int test_keygen_with_empty_template(int n)
1637 EVP_PKEY_CTX *ctx = NULL;
1638 EVP_PKEY *pkey = NULL;
1639 EVP_PKEY *tkey = NULL;
1644 /* We do test with no template at all as well */
1645 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
1649 /* Here we create an empty RSA key that serves as our template */
1650 if (!TEST_ptr(tkey = EVP_PKEY_new())
1651 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
1652 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
1657 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
1658 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
1663 EVP_PKEY_CTX_free(ctx);
1664 EVP_PKEY_free(pkey);
1665 EVP_PKEY_free(tkey);
1670 * Test that we fail if we attempt to use an algorithm that is not available
1671 * in the current library context (unless we are using an algorithm that should
1672 * be made available via legacy codepaths).
1674 static int test_pkey_ctx_fail_without_provider(int tst)
1676 OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
1677 OSSL_PROVIDER *nullprov = NULL;
1678 EVP_PKEY_CTX *pctx = NULL;
1681 if (!TEST_ptr(tmpctx))
1684 nullprov = OSSL_PROVIDER_load(tmpctx, "null");
1685 if (!TEST_ptr(nullprov))
1688 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, tst == 0 ? "RSA" : "HMAC", "");
1690 /* RSA is not available via any provider so we expect this to fail */
1691 if (tst == 0 && !TEST_ptr_null(pctx))
1695 * HMAC is always available because it is implemented via legacy codepaths
1696 * and not in a provider at all. We expect this to pass.
1698 if (tst == 1 && !TEST_ptr(pctx))
1704 EVP_PKEY_CTX_free(pctx);
1705 OSSL_PROVIDER_unload(nullprov);
1706 OPENSSL_CTX_free(tmpctx);
1710 int setup_tests(void)
1712 testctx = OPENSSL_CTX_new();
1714 if (!TEST_ptr(testctx))
1717 ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
1718 ADD_TEST(test_EVP_DigestVerifyInit);
1719 ADD_TEST(test_EVP_Enveloped);
1720 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1721 #ifndef OPENSSL_NO_EC
1722 ADD_TEST(test_EVP_PKCS82PKEY);
1724 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1725 ADD_TEST(test_EVP_SM2);
1726 ADD_TEST(test_EVP_SM2_verify);
1728 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1729 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1730 if (!TEST_ptr(custom_pmeth))
1732 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1733 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1734 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1735 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1737 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1738 #ifndef OPENSSL_NO_CMAC
1739 ADD_TEST(test_CMAC_keygen);
1741 ADD_TEST(test_HKDF);
1742 ADD_TEST(test_emptyikm_HKDF);
1743 #ifndef OPENSSL_NO_EC
1744 ADD_TEST(test_X509_PUBKEY_inplace);
1745 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1746 OSSL_NELEM(ec_der_pub_keys));
1748 #ifndef OPENSSL_NO_DSA
1749 ADD_TEST(test_DSA_get_set_params);
1751 ADD_TEST(test_RSA_get_set_params);
1752 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1753 ADD_TEST(test_decrypt_null_chunks);
1755 #ifndef OPENSSL_NO_DH
1756 ADD_TEST(test_EVP_PKEY_set1_DH);
1758 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
1759 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
1764 void cleanup_tests(void)
1766 OPENSSL_CTX_free(testctx);