evp_extra_test.c 79 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215
  1. /*
  2. * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. #include <stdio.h>
  12. #include <stdlib.h>
  13. #include <string.h>
  14. #include <openssl/bio.h>
  15. #include <openssl/conf.h>
  16. #include <openssl/crypto.h>
  17. #include <openssl/err.h>
  18. #include <openssl/evp.h>
  19. #include <openssl/x509.h>
  20. #include <openssl/pem.h>
  21. #include <openssl/kdf.h>
  22. #include <openssl/provider.h>
  23. #include <openssl/core_names.h>
  24. #include <openssl/params.h>
  25. #include <openssl/param_build.h>
  26. #include <openssl/dsa.h>
  27. #include <openssl/dh.h>
  28. #include <openssl/aes.h>
  29. #include <openssl/decoder.h>
  30. #include "testutil.h"
  31. #include "internal/nelem.h"
  32. #include "internal/sizes.h"
  33. #include "crypto/evp.h"
  34. #include "../e_os.h" /* strcasecmp */
  35. static OSSL_LIB_CTX *testctx = NULL;
  36. /*
  37. * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
  38. * should never use this key anywhere but in an example.
  39. */
  40. static const unsigned char kExampleRSAKeyDER[] = {
  41. 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
  42. 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
  43. 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
  44. 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
  45. 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
  46. 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
  47. 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
  48. 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
  49. 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
  50. 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
  51. 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
  52. 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
  53. 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
  54. 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
  55. 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
  56. 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
  57. 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
  58. 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
  59. 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
  60. 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
  61. 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
  62. 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
  63. 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
  64. 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
  65. 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
  66. 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
  67. 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
  68. 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
  69. 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
  70. 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
  71. 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
  72. 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
  73. 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
  74. 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
  75. 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
  76. 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
  77. 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
  78. 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
  79. 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
  80. 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
  81. 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
  82. 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
  83. 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
  84. 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
  85. 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
  86. 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
  87. 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
  88. 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
  89. 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
  90. 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
  91. 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
  92. };
  93. /*
  94. * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
  95. * should never use this key anywhere but in an example.
  96. */
  97. #ifndef OPENSSL_NO_DSA
  98. static const unsigned char kExampleDSAKeyDER[] = {
  99. 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
  100. 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
  101. 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
  102. 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
  103. 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
  104. 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
  105. 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
  106. 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
  107. 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
  108. 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
  109. 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
  110. 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
  111. 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
  112. 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
  113. 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
  114. 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
  115. 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
  116. 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
  117. 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
  118. 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
  119. 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
  120. 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
  121. 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
  122. 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
  123. 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
  124. 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
  125. 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
  126. 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
  127. 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
  128. 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
  129. 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
  130. 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
  131. 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
  132. 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
  133. 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
  134. 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
  135. 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
  136. 0x40, 0x48
  137. };
  138. #endif
  139. /*
  140. * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
  141. * components are not correct.
  142. */
  143. static const unsigned char kExampleBadRSAKeyDER[] = {
  144. 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
  145. 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
  146. 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
  147. 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
  148. 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
  149. 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
  150. 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
  151. 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
  152. 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
  153. 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
  154. 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
  155. 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
  156. 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
  157. 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
  158. 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
  159. 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
  160. 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
  161. 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
  162. 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
  163. 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
  164. 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
  165. 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
  166. 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
  167. 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
  168. 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
  169. 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
  170. 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
  171. 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
  172. 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
  173. 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
  174. 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
  175. 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
  176. 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
  177. 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
  178. 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
  179. 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
  180. 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
  181. 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
  182. 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
  183. 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
  184. 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
  185. 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
  186. 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
  187. 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
  188. 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
  189. 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
  190. 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
  191. 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
  192. 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
  193. 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
  194. 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
  195. 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
  196. 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
  197. 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
  198. 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
  199. 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
  200. 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
  201. 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
  202. 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
  203. 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
  204. 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
  205. 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
  206. 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
  207. 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
  208. 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
  209. 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
  210. 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
  211. 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
  212. 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
  213. 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
  214. 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
  215. 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
  216. 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
  217. 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
  218. 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
  219. 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
  220. 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
  221. 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
  222. 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
  223. 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
  224. 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
  225. 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
  226. 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
  227. 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
  228. 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
  229. 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
  230. 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
  231. 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
  232. 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
  233. };
  234. static const unsigned char kMsg[] = { 1, 2, 3, 4 };
  235. static const unsigned char kSignature[] = {
  236. 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
  237. 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
  238. 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
  239. 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
  240. 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
  241. 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
  242. 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
  243. 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
  244. 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
  245. 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
  246. 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
  247. };
  248. /*
  249. * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
  250. * PrivateKeyInfo.
  251. */
  252. static const unsigned char kExampleRSAKeyPKCS8[] = {
  253. 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
  254. 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
  255. 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
  256. 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
  257. 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
  258. 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
  259. 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
  260. 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
  261. 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
  262. 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
  263. 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
  264. 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
  265. 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
  266. 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
  267. 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
  268. 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
  269. 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
  270. 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
  271. 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
  272. 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
  273. 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
  274. 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
  275. 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
  276. 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
  277. 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
  278. 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
  279. 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
  280. 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
  281. 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
  282. 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
  283. 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
  284. 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
  285. 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
  286. 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
  287. 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
  288. 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
  289. 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
  290. 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
  291. 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
  292. 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
  293. 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
  294. 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
  295. 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
  296. 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
  297. 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
  298. 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
  299. 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
  300. 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
  301. 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
  302. 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
  303. 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
  304. 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
  305. 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
  306. };
  307. #ifndef OPENSSL_NO_EC
  308. /*
  309. * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
  310. * structure.
  311. */
  312. static const unsigned char kExampleECKeyDER[] = {
  313. 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
  314. 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
  315. 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
  316. 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
  317. 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
  318. 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
  319. 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
  320. 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
  321. 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
  322. 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
  323. 0xc1,
  324. };
  325. /*
  326. * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
  327. * structure. The private key is equal to the order and will fail to import
  328. */
  329. static const unsigned char kExampleBadECKeyDER[] = {
  330. 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
  331. 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
  332. 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
  333. 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  334. 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
  335. 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
  336. 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
  337. 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
  338. 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
  339. };
  340. /* prime256v1 */
  341. static const unsigned char kExampleECPubKeyDER[] = {
  342. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  343. 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
  344. 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
  345. 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
  346. 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
  347. 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
  348. 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
  349. 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
  350. };
  351. /*
  352. * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
  353. * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
  354. */
  355. static const unsigned char kExampleBadECPubKeyDER[] = {
  356. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  357. 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
  358. 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
  359. 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
  360. 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
  361. 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
  362. 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
  363. 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
  364. };
  365. static const unsigned char pExampleECParamDER[] = {
  366. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
  367. };
  368. #endif
  369. typedef struct APK_DATA_st {
  370. const unsigned char *kder;
  371. size_t size;
  372. int evptype;
  373. int check;
  374. int pub_check;
  375. int param_check;
  376. int type; /* 0 for private, 1 for public, 2 for params */
  377. } APK_DATA;
  378. static APK_DATA keydata[] = {
  379. {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
  380. {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
  381. #ifndef OPENSSL_NO_EC
  382. {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
  383. #endif
  384. };
  385. static APK_DATA keycheckdata[] = {
  386. {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, 1, 1, 0},
  387. {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
  388. 0, 1, 1, 0},
  389. #ifndef OPENSSL_NO_EC
  390. {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
  391. /* group is also associated in our pub key */
  392. {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
  393. {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
  394. #endif
  395. };
  396. static EVP_PKEY *load_example_key(const char *keytype,
  397. const unsigned char *data, size_t data_len)
  398. {
  399. const unsigned char **pdata = &data;
  400. EVP_PKEY *pkey = NULL;
  401. OSSL_DECODER_CTX *dctx =
  402. OSSL_DECODER_CTX_new_by_EVP_PKEY(&pkey, "DER", NULL, keytype, 0,
  403. testctx, NULL);
  404. /* |pkey| will be NULL on error */
  405. (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
  406. OSSL_DECODER_CTX_free(dctx);
  407. return pkey;
  408. }
  409. static EVP_PKEY *load_example_rsa_key(void)
  410. {
  411. return load_example_key("RSA", kExampleRSAKeyDER,
  412. sizeof(kExampleRSAKeyDER));
  413. }
  414. #ifndef OPENSSL_NO_DSA
  415. static EVP_PKEY *load_example_dsa_key(void)
  416. {
  417. EVP_PKEY *ret = NULL;
  418. const unsigned char *derp = kExampleDSAKeyDER;
  419. EVP_PKEY *pkey = NULL;
  420. DSA *dsa = NULL;
  421. if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
  422. return NULL;
  423. if (!TEST_ptr(pkey = EVP_PKEY_new())
  424. || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
  425. goto end;
  426. ret = pkey;
  427. pkey = NULL;
  428. end:
  429. EVP_PKEY_free(pkey);
  430. DSA_free(dsa);
  431. return ret;
  432. }
  433. #endif
  434. static EVP_PKEY *load_example_hmac_key(void)
  435. {
  436. EVP_PKEY *pkey = NULL;
  437. unsigned char key[] = {
  438. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  439. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  440. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
  441. };
  442. pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
  443. if (!TEST_ptr(pkey))
  444. return NULL;
  445. return pkey;
  446. }
  447. static int test_EVP_set_default_properties(void)
  448. {
  449. OSSL_LIB_CTX *ctx;
  450. EVP_MD *md = NULL;
  451. int res = 0;
  452. if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
  453. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
  454. goto err;
  455. EVP_MD_free(md);
  456. md = NULL;
  457. if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
  458. || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
  459. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
  460. goto err;
  461. EVP_MD_free(md);
  462. md = NULL;
  463. if (!TEST_true(EVP_set_default_properties(ctx, NULL))
  464. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
  465. goto err;
  466. res = 1;
  467. err:
  468. EVP_MD_free(md);
  469. OSSL_LIB_CTX_free(ctx);
  470. return res;
  471. }
  472. static int test_EVP_Enveloped(void)
  473. {
  474. int ret = 0;
  475. EVP_CIPHER_CTX *ctx = NULL;
  476. EVP_PKEY *keypair = NULL;
  477. unsigned char *kek = NULL;
  478. unsigned char iv[EVP_MAX_IV_LENGTH];
  479. static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
  480. int len, kek_len, ciphertext_len, plaintext_len;
  481. unsigned char ciphertext[32], plaintext[16];
  482. const EVP_CIPHER *type = EVP_aes_256_cbc();
  483. if (!TEST_ptr(keypair = load_example_rsa_key())
  484. || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
  485. || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  486. || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
  487. &keypair, 1))
  488. || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
  489. msg, sizeof(msg)))
  490. || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
  491. &len)))
  492. goto err;
  493. ciphertext_len += len;
  494. if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
  495. || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
  496. ciphertext, ciphertext_len))
  497. || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
  498. goto err;
  499. plaintext_len += len;
  500. if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
  501. goto err;
  502. ret = 1;
  503. err:
  504. OPENSSL_free(kek);
  505. EVP_PKEY_free(keypair);
  506. EVP_CIPHER_CTX_free(ctx);
  507. return ret;
  508. }
  509. /*
  510. * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
  511. * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
  512. * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
  513. * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
  514. * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
  515. * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
  516. * Test 6: Use an MD BIO to do the Update calls instead (RSA)
  517. * Test 7: Use an MD BIO to do the Update calls instead (DSA)
  518. * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
  519. */
  520. static int test_EVP_DigestSignInit(int tst)
  521. {
  522. int ret = 0;
  523. EVP_PKEY *pkey = NULL;
  524. unsigned char *sig = NULL;
  525. size_t sig_len = 0;
  526. EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
  527. EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
  528. BIO *mdbio = NULL, *membio = NULL;
  529. size_t written;
  530. const EVP_MD *md;
  531. EVP_MD *mdexp = NULL;
  532. if (tst >= 6) {
  533. membio = BIO_new(BIO_s_mem());
  534. mdbio = BIO_new(BIO_f_md());
  535. if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
  536. goto out;
  537. BIO_push(mdbio, membio);
  538. if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
  539. goto out;
  540. } else {
  541. if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
  542. || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
  543. goto out;
  544. }
  545. if (tst == 0 || tst == 3 || tst == 6) {
  546. if (!TEST_ptr(pkey = load_example_rsa_key()))
  547. goto out;
  548. } else if (tst == 1 || tst == 4 || tst == 7) {
  549. #ifndef OPENSSL_NO_DSA
  550. if (!TEST_ptr(pkey = load_example_dsa_key()))
  551. goto out;
  552. #else
  553. ret = 1;
  554. goto out;
  555. #endif
  556. } else {
  557. if (!TEST_ptr(pkey = load_example_hmac_key()))
  558. goto out;
  559. }
  560. if (tst >= 3 && tst <= 5)
  561. md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
  562. else
  563. md = EVP_sha256();
  564. if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
  565. goto out;
  566. if (tst >= 6) {
  567. if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
  568. goto out;
  569. } else {
  570. if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
  571. goto out;
  572. }
  573. /* Determine the size of the signature. */
  574. if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
  575. || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
  576. || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
  577. goto out;
  578. if (tst >= 6) {
  579. if (!TEST_int_gt(BIO_reset(mdbio), 0)
  580. || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
  581. goto out;
  582. }
  583. /*
  584. * Ensure that the signature round-trips (Verification isn't supported for
  585. * HMAC via EVP_DigestVerify*)
  586. */
  587. if (tst != 2 && tst != 5 && tst != 8) {
  588. if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
  589. NULL, pkey)))
  590. goto out;
  591. if (tst >= 6) {
  592. if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
  593. goto out;
  594. } else {
  595. if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
  596. sizeof(kMsg))))
  597. goto out;
  598. }
  599. if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
  600. goto out;
  601. }
  602. ret = 1;
  603. out:
  604. BIO_free(membio);
  605. BIO_free(mdbio);
  606. EVP_MD_CTX_free(a_md_ctx);
  607. EVP_MD_CTX_free(a_md_ctx_verify);
  608. EVP_PKEY_free(pkey);
  609. OPENSSL_free(sig);
  610. EVP_MD_free(mdexp);
  611. return ret;
  612. }
  613. static int test_EVP_DigestVerifyInit(void)
  614. {
  615. int ret = 0;
  616. EVP_PKEY *pkey = NULL;
  617. EVP_MD_CTX *md_ctx = NULL;
  618. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
  619. || !TEST_ptr(pkey = load_example_rsa_key()))
  620. goto out;
  621. if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
  622. || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
  623. || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
  624. sizeof(kSignature))))
  625. goto out;
  626. ret = 1;
  627. out:
  628. EVP_MD_CTX_free(md_ctx);
  629. EVP_PKEY_free(pkey);
  630. return ret;
  631. }
  632. /*
  633. * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
  634. */
  635. static int test_EVP_Digest(void)
  636. {
  637. int ret = 0;
  638. EVP_MD_CTX *md_ctx = NULL;
  639. unsigned char md[EVP_MAX_MD_SIZE];
  640. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
  641. goto out;
  642. if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
  643. || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
  644. || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
  645. /* EVP_DigestFinal resets the EVP_MD_CTX. */
  646. || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx), NULL))
  647. goto out;
  648. if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_sha256(), NULL))
  649. || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
  650. || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
  651. /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
  652. || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
  653. /*
  654. * EVP_DigestInit_ex with NULL type should work on
  655. * pre-initialized context.
  656. */
  657. || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
  658. goto out;
  659. if (!TEST_true(EVP_DigestInit_ex(md_ctx, EVP_shake256(), NULL))
  660. || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
  661. || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
  662. /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
  663. || !TEST_ptr(EVP_MD_CTX_md(md_ctx))
  664. || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
  665. goto out;
  666. ret = 1;
  667. out:
  668. EVP_MD_CTX_free(md_ctx);
  669. return ret;
  670. }
  671. static int test_d2i_AutoPrivateKey(int i)
  672. {
  673. int ret = 0;
  674. const unsigned char *p;
  675. EVP_PKEY *pkey = NULL;
  676. const APK_DATA *ak = &keydata[i];
  677. const unsigned char *input = ak->kder;
  678. size_t input_len = ak->size;
  679. int expected_id = ak->evptype;
  680. p = input;
  681. if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
  682. || !TEST_ptr_eq(p, input + input_len)
  683. || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
  684. goto done;
  685. ret = 1;
  686. done:
  687. EVP_PKEY_free(pkey);
  688. return ret;
  689. }
  690. #ifndef OPENSSL_NO_EC
  691. static const unsigned char ec_public_sect163k1_validxy[] = {
  692. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  693. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  694. 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  695. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
  696. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  697. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
  698. };
  699. static const unsigned char ec_public_sect163k1_badx[] = {
  700. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  701. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  702. 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  703. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
  704. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  705. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
  706. };
  707. static const unsigned char ec_public_sect163k1_bady[] = {
  708. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  709. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  710. 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  711. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
  712. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  713. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
  714. };
  715. static struct ec_der_pub_keys_st {
  716. const unsigned char *der;
  717. size_t len;
  718. int valid;
  719. } ec_der_pub_keys[] = {
  720. { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
  721. { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
  722. { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
  723. };
  724. /*
  725. * Tests the range of the decoded EC char2 public point.
  726. * See ec_GF2m_simple_oct2point().
  727. */
  728. static int test_invalide_ec_char2_pub_range_decode(int id)
  729. {
  730. int ret = 0;
  731. BIO *bio = NULL;
  732. EC_KEY *eckey = NULL;
  733. if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
  734. ec_der_pub_keys[id].len)))
  735. goto err;
  736. eckey = d2i_EC_PUBKEY_bio(bio, NULL);
  737. ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
  738. || TEST_ptr_null(eckey);
  739. err:
  740. EC_KEY_free(eckey);
  741. BIO_free(bio);
  742. return ret;
  743. }
  744. /* Tests loading a bad key in PKCS8 format */
  745. static int test_EVP_PKCS82PKEY(void)
  746. {
  747. int ret = 0;
  748. const unsigned char *derp = kExampleBadECKeyDER;
  749. PKCS8_PRIV_KEY_INFO *p8inf = NULL;
  750. EVP_PKEY *pkey = NULL;
  751. if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
  752. sizeof(kExampleBadECKeyDER))))
  753. goto done;
  754. if (!TEST_ptr_eq(derp,
  755. kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
  756. goto done;
  757. if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
  758. goto done;
  759. ret = 1;
  760. done:
  761. PKCS8_PRIV_KEY_INFO_free(p8inf);
  762. EVP_PKEY_free(pkey);
  763. return ret;
  764. }
  765. #endif
  766. /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
  767. static int test_privatekey_to_pkcs8(void)
  768. {
  769. EVP_PKEY *pkey = NULL;
  770. BIO *membio = NULL;
  771. char *membuf = NULL;
  772. long membuf_len = 0;
  773. int ok = 0;
  774. if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
  775. || !TEST_ptr(pkey = load_example_rsa_key())
  776. || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
  777. NULL, 0, NULL, NULL),
  778. 0)
  779. || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
  780. || !TEST_ptr(membuf)
  781. || !TEST_mem_eq(membuf, (size_t)membuf_len,
  782. kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
  783. /*
  784. * We try to write PEM as well, just to see that it doesn't err, but
  785. * assume that the result is correct.
  786. */
  787. || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
  788. NULL, 0, NULL, NULL),
  789. 0))
  790. goto done;
  791. ok = 1;
  792. done:
  793. EVP_PKEY_free(pkey);
  794. BIO_free_all(membio);
  795. return ok;
  796. }
  797. #ifndef OPENSSL_NO_EC
  798. static const struct {
  799. int encoding;
  800. const char *encoding_name;
  801. } ec_encodings[] = {
  802. { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
  803. { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
  804. };
  805. static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
  806. {
  807. const OSSL_PARAM *p;
  808. const char *enc_name = NULL;
  809. int *enc = arg;
  810. size_t i;
  811. *enc = -1;
  812. if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
  813. OSSL_PKEY_PARAM_EC_ENCODING))
  814. || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
  815. return 0;
  816. for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
  817. if (strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
  818. *enc = ec_encodings[i].encoding;
  819. break;
  820. }
  821. }
  822. return (*enc != -1);
  823. }
  824. static int test_EC_keygen_with_enc(int idx)
  825. {
  826. EVP_PKEY *params = NULL, *key = NULL;
  827. EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
  828. int enc;
  829. int ret = 0;
  830. enc = ec_encodings[idx].encoding;
  831. /* Create key parameters */
  832. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
  833. || !TEST_true(EVP_PKEY_paramgen_init(pctx))
  834. || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx, "P-256"))
  835. || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc))
  836. || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
  837. || !TEST_ptr(params))
  838. goto done;
  839. /* Create key */
  840. if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
  841. || !TEST_true(EVP_PKEY_keygen_init(kctx))
  842. || !TEST_true(EVP_PKEY_keygen(kctx, &key))
  843. || !TEST_ptr(key))
  844. goto done;
  845. /* Check that the encoding got all the way into the key */
  846. if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
  847. ec_export_get_encoding_cb, &enc))
  848. || !TEST_int_eq(enc, ec_encodings[idx].encoding))
  849. goto done;
  850. ret = 1;
  851. done:
  852. EVP_PKEY_free(key);
  853. EVP_PKEY_free(params);
  854. EVP_PKEY_CTX_free(kctx);
  855. EVP_PKEY_CTX_free(pctx);
  856. return ret;
  857. }
  858. #endif
  859. #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
  860. static int test_EVP_SM2_verify(void)
  861. {
  862. const char *pubkey =
  863. "-----BEGIN PUBLIC KEY-----\n"
  864. "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
  865. "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
  866. "-----END PUBLIC KEY-----\n";
  867. const char *msg = "message digest";
  868. const char *id = "ALICE123@YAHOO.COM";
  869. const uint8_t signature[] = {
  870. 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
  871. 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
  872. 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
  873. 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
  874. 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
  875. 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
  876. 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
  877. };
  878. int rc = 0;
  879. BIO *bio = NULL;
  880. EVP_PKEY *pkey = NULL;
  881. EVP_MD_CTX *mctx = NULL;
  882. EVP_PKEY_CTX *pctx = NULL;
  883. bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
  884. if (!TEST_true(bio != NULL))
  885. goto done;
  886. pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
  887. if (!TEST_true(pkey != NULL))
  888. goto done;
  889. if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
  890. goto done;
  891. if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
  892. goto done;
  893. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
  894. goto done;
  895. EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
  896. if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
  897. goto done;
  898. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
  899. goto done;
  900. if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
  901. goto done;
  902. if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
  903. goto done;
  904. rc = 1;
  905. done:
  906. BIO_free(bio);
  907. EVP_PKEY_free(pkey);
  908. EVP_PKEY_CTX_free(pctx);
  909. EVP_MD_CTX_free(mctx);
  910. return rc;
  911. }
  912. static int test_EVP_SM2(void)
  913. {
  914. int ret = 0;
  915. EVP_PKEY *pkey = NULL;
  916. EVP_PKEY *pkeyparams = NULL;
  917. EVP_PKEY_CTX *pctx = NULL;
  918. EVP_PKEY_CTX *kctx = NULL;
  919. EVP_PKEY_CTX *sctx = NULL;
  920. size_t sig_len = 0;
  921. unsigned char *sig = NULL;
  922. EVP_MD_CTX *md_ctx = NULL;
  923. EVP_MD_CTX *md_ctx_verify = NULL;
  924. EVP_PKEY_CTX *cctx = NULL;
  925. uint8_t ciphertext[128];
  926. size_t ctext_len = sizeof(ciphertext);
  927. uint8_t plaintext[8];
  928. size_t ptext_len = sizeof(plaintext);
  929. uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
  930. OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
  931. OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
  932. int i;
  933. char mdname[20];
  934. pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL);
  935. if (!TEST_ptr(pctx))
  936. goto done;
  937. if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
  938. goto done;
  939. /* TODO is this even needed? */
  940. if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
  941. goto done;
  942. if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
  943. goto done;
  944. kctx = EVP_PKEY_CTX_new(pkeyparams, NULL);
  945. if (!TEST_ptr(kctx))
  946. goto done;
  947. if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
  948. goto done;
  949. if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
  950. goto done;
  951. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
  952. goto done;
  953. if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
  954. goto done;
  955. if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
  956. goto done;
  957. EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
  958. EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
  959. if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
  960. goto done;
  961. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
  962. goto done;
  963. if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
  964. goto done;
  965. /* Determine the size of the signature. */
  966. if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
  967. goto done;
  968. if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
  969. goto done;
  970. if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
  971. goto done;
  972. /* Ensure that the signature round-trips. */
  973. if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
  974. goto done;
  975. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
  976. goto done;
  977. if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
  978. goto done;
  979. if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
  980. goto done;
  981. /* now check encryption/decryption */
  982. gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
  983. mdname, sizeof(mdname));
  984. for (i = 0; i < 2; i++) {
  985. EVP_PKEY_CTX_free(cctx);
  986. sparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
  987. i == 0 ? "SM3" : "SHA2-256",
  988. 0);
  989. if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
  990. goto done;
  991. if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
  992. goto done;
  993. if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
  994. goto done;
  995. if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
  996. sizeof(kMsg))))
  997. goto done;
  998. if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
  999. goto done;
  1000. if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
  1001. goto done;
  1002. if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
  1003. ctext_len)))
  1004. goto done;
  1005. if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
  1006. goto done;
  1007. /* Test we're still using the digest we think we are */
  1008. if (i == 0 && !TEST_int_eq(strcmp(mdname, "SM3"), 0))
  1009. goto done;
  1010. if (i == 1 && !TEST_int_eq(strcmp(mdname, "SHA2-256"), 0))
  1011. goto done;
  1012. if (!TEST_true(ptext_len == sizeof(kMsg)))
  1013. goto done;
  1014. if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
  1015. goto done;
  1016. }
  1017. ret = 1;
  1018. done:
  1019. EVP_PKEY_CTX_free(pctx);
  1020. EVP_PKEY_CTX_free(kctx);
  1021. EVP_PKEY_CTX_free(sctx);
  1022. EVP_PKEY_CTX_free(cctx);
  1023. EVP_PKEY_free(pkey);
  1024. EVP_PKEY_free(pkeyparams);
  1025. EVP_MD_CTX_free(md_ctx);
  1026. EVP_MD_CTX_free(md_ctx_verify);
  1027. OPENSSL_free(sig);
  1028. return ret;
  1029. }
  1030. #endif
  1031. static struct keys_st {
  1032. int type;
  1033. char *priv;
  1034. char *pub;
  1035. } keys[] = {
  1036. {
  1037. EVP_PKEY_HMAC, "0123456789", NULL
  1038. }, {
  1039. EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
  1040. }, {
  1041. EVP_PKEY_SIPHASH, "0123456789012345", NULL
  1042. },
  1043. #ifndef OPENSSL_NO_EC
  1044. {
  1045. EVP_PKEY_X25519, "01234567890123456789012345678901",
  1046. "abcdefghijklmnopqrstuvwxyzabcdef"
  1047. }, {
  1048. EVP_PKEY_ED25519, "01234567890123456789012345678901",
  1049. "abcdefghijklmnopqrstuvwxyzabcdef"
  1050. }, {
  1051. EVP_PKEY_X448,
  1052. "01234567890123456789012345678901234567890123456789012345",
  1053. "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
  1054. }, {
  1055. EVP_PKEY_ED448,
  1056. "012345678901234567890123456789012345678901234567890123456",
  1057. "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
  1058. }
  1059. #endif
  1060. };
  1061. static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
  1062. {
  1063. int ret = 0;
  1064. unsigned char buf[80];
  1065. unsigned char *in;
  1066. size_t inlen, len = 0;
  1067. EVP_PKEY *pkey;
  1068. /* Check if this algorithm supports public keys */
  1069. if (keys[tst].pub == NULL)
  1070. return 1;
  1071. memset(buf, 0, sizeof(buf));
  1072. if (pub) {
  1073. inlen = strlen(keys[tst].pub);
  1074. in = (unsigned char *)keys[tst].pub;
  1075. if (uselibctx) {
  1076. pkey = EVP_PKEY_new_raw_public_key_ex(
  1077. testctx,
  1078. OBJ_nid2sn(keys[tst].type),
  1079. NULL,
  1080. in,
  1081. inlen);
  1082. } else {
  1083. pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
  1084. NULL,
  1085. in,
  1086. inlen);
  1087. }
  1088. } else {
  1089. inlen = strlen(keys[tst].priv);
  1090. in = (unsigned char *)keys[tst].priv;
  1091. if (uselibctx) {
  1092. pkey = EVP_PKEY_new_raw_private_key_ex(
  1093. testctx, OBJ_nid2sn(keys[tst].type),
  1094. NULL,
  1095. in,
  1096. inlen);
  1097. } else {
  1098. pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
  1099. NULL,
  1100. in,
  1101. inlen);
  1102. }
  1103. }
  1104. if (!TEST_ptr(pkey)
  1105. || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
  1106. || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
  1107. || !TEST_true(len == inlen)
  1108. || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
  1109. || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
  1110. || !TEST_mem_eq(in, inlen, buf, len))
  1111. goto done;
  1112. ret = 1;
  1113. done:
  1114. EVP_PKEY_free(pkey);
  1115. return ret;
  1116. }
  1117. static int test_set_get_raw_keys(int tst)
  1118. {
  1119. return test_set_get_raw_keys_int(tst, 0, 0)
  1120. && test_set_get_raw_keys_int(tst, 0, 1)
  1121. && test_set_get_raw_keys_int(tst, 1, 0)
  1122. && test_set_get_raw_keys_int(tst, 1, 1);
  1123. }
  1124. #ifndef OPENSSL_NO_DEPRECATED_3_0
  1125. static int pkey_custom_check(EVP_PKEY *pkey)
  1126. {
  1127. return 0xbeef;
  1128. }
  1129. static int pkey_custom_pub_check(EVP_PKEY *pkey)
  1130. {
  1131. return 0xbeef;
  1132. }
  1133. static int pkey_custom_param_check(EVP_PKEY *pkey)
  1134. {
  1135. return 0xbeef;
  1136. }
  1137. static EVP_PKEY_METHOD *custom_pmeth;
  1138. #endif
  1139. static int test_EVP_PKEY_check(int i)
  1140. {
  1141. int ret = 0;
  1142. const unsigned char *p;
  1143. EVP_PKEY *pkey = NULL;
  1144. #ifndef OPENSSL_NO_EC
  1145. EC_KEY *eckey = NULL;
  1146. #endif
  1147. EVP_PKEY_CTX *ctx = NULL;
  1148. #ifndef OPENSSL_NO_DEPRECATED_3_0
  1149. EVP_PKEY_CTX *ctx2 = NULL;
  1150. #endif
  1151. const APK_DATA *ak = &keycheckdata[i];
  1152. const unsigned char *input = ak->kder;
  1153. size_t input_len = ak->size;
  1154. int expected_id = ak->evptype;
  1155. int expected_check = ak->check;
  1156. int expected_pub_check = ak->pub_check;
  1157. int expected_param_check = ak->param_check;
  1158. int type = ak->type;
  1159. BIO *pubkey = NULL;
  1160. p = input;
  1161. switch (type) {
  1162. case 0:
  1163. if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
  1164. || !TEST_ptr_eq(p, input + input_len)
  1165. || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
  1166. goto done;
  1167. break;
  1168. #ifndef OPENSSL_NO_EC
  1169. case 1:
  1170. if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
  1171. || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
  1172. || !TEST_ptr(pkey = EVP_PKEY_new())
  1173. || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
  1174. goto done;
  1175. break;
  1176. case 2:
  1177. if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
  1178. || !TEST_ptr_eq(p, input + input_len)
  1179. || !TEST_ptr(pkey = EVP_PKEY_new())
  1180. || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
  1181. goto done;
  1182. break;
  1183. #endif
  1184. default:
  1185. return 0;
  1186. }
  1187. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
  1188. goto done;
  1189. if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
  1190. goto done;
  1191. if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
  1192. goto done;
  1193. if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
  1194. goto done;
  1195. #ifndef OPENSSL_NO_DEPRECATED_3_0
  1196. ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
  1197. /* assign the pkey directly, as an internal test */
  1198. EVP_PKEY_up_ref(pkey);
  1199. ctx2->pkey = pkey;
  1200. if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
  1201. goto done;
  1202. if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
  1203. goto done;
  1204. if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
  1205. goto done;
  1206. #endif
  1207. ret = 1;
  1208. done:
  1209. EVP_PKEY_CTX_free(ctx);
  1210. #ifndef OPENSSL_NO_DEPRECATED_3_0
  1211. EVP_PKEY_CTX_free(ctx2);
  1212. #endif
  1213. EVP_PKEY_free(pkey);
  1214. BIO_free(pubkey);
  1215. return ret;
  1216. }
  1217. #ifndef OPENSSL_NO_CMAC
  1218. static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
  1219. {
  1220. EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
  1221. const char msg[] = "Hello World";
  1222. size_t maclen;
  1223. int ret = 1;
  1224. if (!TEST_ptr(mdctx)
  1225. || !TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey))
  1226. || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
  1227. || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
  1228. || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
  1229. ret = 0;
  1230. EVP_MD_CTX_free(mdctx);
  1231. return ret;
  1232. }
  1233. static int test_CMAC_keygen(void)
  1234. {
  1235. static unsigned char key[] = {
  1236. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  1237. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  1238. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
  1239. };
  1240. /*
  1241. * This is a legacy method for CMACs, but should still work.
  1242. * This verifies that it works without an ENGINE.
  1243. */
  1244. EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
  1245. int ret = 0;
  1246. EVP_PKEY *pkey = NULL;
  1247. unsigned char mac[AES_BLOCK_SIZE], mac2[AES_BLOCK_SIZE];
  1248. /* Test a CMAC key created using the "generated" method */
  1249. if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
  1250. || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
  1251. EVP_PKEY_CTRL_CIPHER,
  1252. 0, (void *)EVP_aes_256_ecb()), 0)
  1253. || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
  1254. EVP_PKEY_CTRL_SET_MAC_KEY,
  1255. sizeof(key), (void *)key), 0)
  1256. || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
  1257. || !TEST_ptr(pkey)
  1258. || !TEST_true(get_cmac_val(pkey, mac)))
  1259. goto done;
  1260. EVP_PKEY_free(pkey);
  1261. /*
  1262. * Test a CMAC key using the direct method, and compare with the mac
  1263. * created above.
  1264. */
  1265. pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb());
  1266. if (!TEST_ptr(pkey)
  1267. || !TEST_true(get_cmac_val(pkey, mac2))
  1268. || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
  1269. goto done;
  1270. ret = 1;
  1271. done:
  1272. EVP_PKEY_free(pkey);
  1273. EVP_PKEY_CTX_free(kctx);
  1274. return ret;
  1275. }
  1276. #endif
  1277. static int test_HKDF(void)
  1278. {
  1279. EVP_PKEY_CTX *pctx;
  1280. unsigned char out[20];
  1281. size_t outlen;
  1282. int i, ret = 0;
  1283. unsigned char salt[] = "0123456789";
  1284. unsigned char key[] = "012345678901234567890123456789";
  1285. unsigned char info[] = "infostring";
  1286. const unsigned char expected[] = {
  1287. 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
  1288. 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
  1289. };
  1290. size_t expectedlen = sizeof(expected);
  1291. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
  1292. goto done;
  1293. /* We do this twice to test reuse of the EVP_PKEY_CTX */
  1294. for (i = 0; i < 2; i++) {
  1295. outlen = sizeof(out);
  1296. memset(out, 0, outlen);
  1297. if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
  1298. || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
  1299. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
  1300. sizeof(salt) - 1), 0)
  1301. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
  1302. sizeof(key) - 1), 0)
  1303. || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
  1304. sizeof(info) - 1), 0)
  1305. || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
  1306. || !TEST_mem_eq(out, outlen, expected, expectedlen))
  1307. goto done;
  1308. }
  1309. ret = 1;
  1310. done:
  1311. EVP_PKEY_CTX_free(pctx);
  1312. return ret;
  1313. }
  1314. static int test_emptyikm_HKDF(void)
  1315. {
  1316. EVP_PKEY_CTX *pctx;
  1317. unsigned char out[20];
  1318. size_t outlen;
  1319. int ret = 0;
  1320. unsigned char salt[] = "9876543210";
  1321. unsigned char key[] = "";
  1322. unsigned char info[] = "stringinfo";
  1323. const unsigned char expected[] = {
  1324. 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
  1325. 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
  1326. };
  1327. size_t expectedlen = sizeof(expected);
  1328. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
  1329. goto done;
  1330. outlen = sizeof(out);
  1331. memset(out, 0, outlen);
  1332. if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
  1333. || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
  1334. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
  1335. sizeof(salt) - 1), 0)
  1336. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
  1337. sizeof(key) - 1), 0)
  1338. || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
  1339. sizeof(info) - 1), 0)
  1340. || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
  1341. || !TEST_mem_eq(out, outlen, expected, expectedlen))
  1342. goto done;
  1343. ret = 1;
  1344. done:
  1345. EVP_PKEY_CTX_free(pctx);
  1346. return ret;
  1347. }
  1348. #ifndef OPENSSL_NO_EC
  1349. static int test_X509_PUBKEY_inplace(void)
  1350. {
  1351. int ret = 0;
  1352. X509_PUBKEY *xp = NULL;
  1353. const unsigned char *p = kExampleECPubKeyDER;
  1354. size_t input_len = sizeof(kExampleECPubKeyDER);
  1355. if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
  1356. goto done;
  1357. if (!TEST_ptr(X509_PUBKEY_get0(xp)))
  1358. goto done;
  1359. p = kExampleBadECPubKeyDER;
  1360. input_len = sizeof(kExampleBadECPubKeyDER);
  1361. if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
  1362. goto done;
  1363. if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
  1364. goto done;
  1365. ret = 1;
  1366. done:
  1367. X509_PUBKEY_free(xp);
  1368. return ret;
  1369. }
  1370. #endif /* OPENSSL_NO_EC */
  1371. /* Test getting and setting parameters on an EVP_PKEY_CTX */
  1372. static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
  1373. {
  1374. EVP_MD_CTX *mdctx = NULL;
  1375. EVP_PKEY_CTX *ctx = NULL;
  1376. const OSSL_PARAM *params;
  1377. OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
  1378. int ret = 0;
  1379. const EVP_MD *md;
  1380. char mdname[OSSL_MAX_NAME_SIZE];
  1381. char ssl3ms[48];
  1382. /* Initialise a sign operation */
  1383. ctx = EVP_PKEY_CTX_new(pkey, NULL);
  1384. if (!TEST_ptr(ctx)
  1385. || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
  1386. goto err;
  1387. /*
  1388. * We should be able to query the parameters now.
  1389. */
  1390. params = EVP_PKEY_CTX_settable_params(ctx);
  1391. if (!TEST_ptr(params)
  1392. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  1393. OSSL_SIGNATURE_PARAM_DIGEST)))
  1394. goto err;
  1395. params = EVP_PKEY_CTX_gettable_params(ctx);
  1396. if (!TEST_ptr(params)
  1397. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  1398. OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
  1399. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  1400. OSSL_SIGNATURE_PARAM_DIGEST)))
  1401. goto err;
  1402. /*
  1403. * Test getting and setting params via EVP_PKEY_CTX_set_params() and
  1404. * EVP_PKEY_CTX_get_params()
  1405. */
  1406. strcpy(mdname, "SHA512");
  1407. param_md = param;
  1408. *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
  1409. mdname, 0);
  1410. *param++ = OSSL_PARAM_construct_end();
  1411. if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
  1412. goto err;
  1413. mdname[0] = '\0';
  1414. *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
  1415. mdname, sizeof(mdname));
  1416. if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
  1417. || !TEST_str_eq(mdname, "SHA512"))
  1418. goto err;
  1419. /*
  1420. * Test the TEST_PKEY_CTX_set_signature_md() and
  1421. * TEST_PKEY_CTX_get_signature_md() functions
  1422. */
  1423. if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
  1424. || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
  1425. || !TEST_ptr_eq(md, EVP_sha256()))
  1426. goto err;
  1427. /*
  1428. * Test getting MD parameters via an associated EVP_PKEY_CTX
  1429. */
  1430. mdctx = EVP_MD_CTX_new();
  1431. if (!TEST_ptr(mdctx)
  1432. || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, NULL,
  1433. pkey)))
  1434. goto err;
  1435. /*
  1436. * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
  1437. * able to obtain the digest's settable parameters from the provider.
  1438. */
  1439. params = EVP_MD_CTX_settable_params(mdctx);
  1440. if (!TEST_ptr(params)
  1441. || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
  1442. /* The final key should be NULL */
  1443. || !TEST_ptr_null(params[1].key))
  1444. goto err;
  1445. param = ourparams;
  1446. memset(ssl3ms, 0, sizeof(ssl3ms));
  1447. *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
  1448. ssl3ms, sizeof(ssl3ms));
  1449. *param++ = OSSL_PARAM_construct_end();
  1450. if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
  1451. goto err;
  1452. ret = 1;
  1453. err:
  1454. EVP_MD_CTX_free(mdctx);
  1455. EVP_PKEY_CTX_free(ctx);
  1456. return ret;
  1457. }
  1458. #ifndef OPENSSL_NO_DSA
  1459. static int test_DSA_get_set_params(void)
  1460. {
  1461. DSA *dsa = NULL;
  1462. BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
  1463. EVP_PKEY *pkey = NULL;
  1464. int ret = 0;
  1465. /*
  1466. * Setup the parameters for our DSA object. For our purposes they don't
  1467. * have to actually be *valid* parameters. We just need to set something.
  1468. */
  1469. dsa = DSA_new();
  1470. p = BN_new();
  1471. q = BN_new();
  1472. g = BN_new();
  1473. pub = BN_new();
  1474. priv = BN_new();
  1475. if (!TEST_ptr(dsa)
  1476. || !TEST_ptr(p)
  1477. || !TEST_ptr(q)
  1478. || !TEST_ptr(g)
  1479. || !TEST_ptr(pub)
  1480. || !DSA_set0_pqg(dsa, p, q, g)
  1481. || !DSA_set0_key(dsa, pub, priv))
  1482. goto err;
  1483. p = q = g = pub = priv = NULL;
  1484. pkey = EVP_PKEY_new();
  1485. if (!TEST_ptr(pkey)
  1486. || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
  1487. goto err;
  1488. dsa = NULL;
  1489. ret = test_EVP_PKEY_CTX_get_set_params(pkey);
  1490. err:
  1491. EVP_PKEY_free(pkey);
  1492. DSA_free(dsa);
  1493. BN_free(p);
  1494. BN_free(q);
  1495. BN_free(g);
  1496. BN_free(pub);
  1497. BN_free(priv);
  1498. return ret;
  1499. }
  1500. #endif
  1501. static int test_RSA_get_set_params(void)
  1502. {
  1503. OSSL_PARAM_BLD *bld = NULL;
  1504. OSSL_PARAM *params = NULL;
  1505. BIGNUM *n = NULL, *e = NULL, *d = NULL;
  1506. EVP_PKEY_CTX *pctx = NULL;
  1507. EVP_PKEY *pkey = NULL;
  1508. int ret = 0;
  1509. /*
  1510. * Setup the parameters for our RSA object. For our purposes they don't
  1511. * have to actually be *valid* parameters. We just need to set something.
  1512. */
  1513. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
  1514. || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
  1515. || !TEST_ptr(n = BN_new())
  1516. || !TEST_ptr(e = BN_new())
  1517. || !TEST_ptr(d = BN_new()))
  1518. goto err;
  1519. if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
  1520. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
  1521. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
  1522. goto err;
  1523. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
  1524. goto err;
  1525. if (!TEST_int_gt(EVP_PKEY_key_fromdata_init(pctx), 0)
  1526. || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, params), 0))
  1527. goto err;
  1528. if (!TEST_ptr(pkey))
  1529. goto err;
  1530. ret = test_EVP_PKEY_CTX_get_set_params(pkey);
  1531. err:
  1532. EVP_PKEY_free(pkey);
  1533. EVP_PKEY_CTX_free(pctx);
  1534. OSSL_PARAM_BLD_free_params(params);
  1535. OSSL_PARAM_BLD_free(bld);
  1536. BN_free(n);
  1537. BN_free(e);
  1538. BN_free(d);
  1539. return ret;
  1540. }
  1541. #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  1542. static int test_decrypt_null_chunks(void)
  1543. {
  1544. EVP_CIPHER_CTX* ctx = NULL;
  1545. const unsigned char key[32] = {
  1546. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  1547. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  1548. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
  1549. };
  1550. unsigned char iv[12] = {
  1551. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
  1552. };
  1553. unsigned char msg[] = "It was the best of times, it was the worst of times";
  1554. unsigned char ciphertext[80];
  1555. unsigned char plaintext[80];
  1556. /* We initialise tmp to a non zero value on purpose */
  1557. int ctlen, ptlen, tmp = 99;
  1558. int ret = 0;
  1559. const int enc_offset = 10, dec_offset = 20;
  1560. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  1561. || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
  1562. key, iv))
  1563. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
  1564. enc_offset))
  1565. /* Deliberate add a zero length update */
  1566. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
  1567. 0))
  1568. || !TEST_int_eq(tmp, 0)
  1569. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
  1570. msg + enc_offset,
  1571. sizeof(msg) - enc_offset))
  1572. || !TEST_int_eq(ctlen += tmp, sizeof(msg))
  1573. || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
  1574. || !TEST_int_eq(tmp, 0))
  1575. goto err;
  1576. /* Deliberately initialise tmp to a non zero value */
  1577. tmp = 99;
  1578. if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
  1579. iv))
  1580. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
  1581. dec_offset))
  1582. /*
  1583. * Deliberately add a zero length update. We also deliberately do
  1584. * this at a different offset than for encryption.
  1585. */
  1586. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
  1587. 0))
  1588. || !TEST_int_eq(tmp, 0)
  1589. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
  1590. ciphertext + dec_offset,
  1591. ctlen - dec_offset))
  1592. || !TEST_int_eq(ptlen += tmp, sizeof(msg))
  1593. || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
  1594. || !TEST_int_eq(tmp, 0)
  1595. || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
  1596. goto err;
  1597. ret = 1;
  1598. err:
  1599. EVP_CIPHER_CTX_free(ctx);
  1600. return ret;
  1601. }
  1602. #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
  1603. #if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
  1604. static int test_EVP_PKEY_set1_DH(void)
  1605. {
  1606. DH *x942dh = NULL, *noqdh = NULL;
  1607. EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
  1608. int ret = 0;
  1609. BIGNUM *p, *g = NULL;
  1610. if (!TEST_ptr(p = BN_new())
  1611. || !TEST_ptr(g = BN_new())
  1612. || !BN_set_word(p, 9999)
  1613. || !BN_set_word(g, 2)
  1614. || !TEST_ptr(noqdh = DH_new())
  1615. || !DH_set0_pqg(noqdh, p, NULL, g))
  1616. goto err;
  1617. p = g = NULL;
  1618. x942dh = DH_get_2048_256();
  1619. pkey1 = EVP_PKEY_new();
  1620. pkey2 = EVP_PKEY_new();
  1621. if (!TEST_ptr(x942dh)
  1622. || !TEST_ptr(noqdh)
  1623. || !TEST_ptr(pkey1)
  1624. || !TEST_ptr(pkey2))
  1625. goto err;
  1626. if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
  1627. || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
  1628. goto err;
  1629. if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
  1630. || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
  1631. goto err;
  1632. ret = 1;
  1633. err:
  1634. BN_free(p);
  1635. BN_free(g);
  1636. EVP_PKEY_free(pkey1);
  1637. EVP_PKEY_free(pkey2);
  1638. DH_free(x942dh);
  1639. DH_free(noqdh);
  1640. return ret;
  1641. }
  1642. #endif
  1643. /*
  1644. * We test what happens with an empty template. For the sake of this test,
  1645. * the template must be ignored, and we know that's the case for RSA keys
  1646. * (this might arguably be a misfeature, but that's what we currently do,
  1647. * even in provider code, since that's how the legacy RSA implementation
  1648. * does things)
  1649. */
  1650. static int test_keygen_with_empty_template(int n)
  1651. {
  1652. EVP_PKEY_CTX *ctx = NULL;
  1653. EVP_PKEY *pkey = NULL;
  1654. EVP_PKEY *tkey = NULL;
  1655. int ret = 0;
  1656. switch (n) {
  1657. case 0:
  1658. /* We do test with no template at all as well */
  1659. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
  1660. goto err;
  1661. break;
  1662. case 1:
  1663. /* Here we create an empty RSA key that serves as our template */
  1664. if (!TEST_ptr(tkey = EVP_PKEY_new())
  1665. || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
  1666. || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
  1667. goto err;
  1668. break;
  1669. }
  1670. if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  1671. || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
  1672. goto err;
  1673. ret = 1;
  1674. err:
  1675. EVP_PKEY_CTX_free(ctx);
  1676. EVP_PKEY_free(pkey);
  1677. EVP_PKEY_free(tkey);
  1678. return ret;
  1679. }
  1680. /*
  1681. * Test that we fail if we attempt to use an algorithm that is not available
  1682. * in the current library context (unless we are using an algorithm that
  1683. * should be made available via legacy codepaths).
  1684. *
  1685. * 0: RSA
  1686. * 1: SM2
  1687. */
  1688. static int test_pkey_ctx_fail_without_provider(int tst)
  1689. {
  1690. OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
  1691. OSSL_PROVIDER *nullprov = NULL;
  1692. EVP_PKEY_CTX *pctx = NULL;
  1693. const char *keytype = NULL;
  1694. int expect_null = 0;
  1695. int ret = 0;
  1696. if (!TEST_ptr(tmpctx))
  1697. goto err;
  1698. nullprov = OSSL_PROVIDER_load(tmpctx, "null");
  1699. if (!TEST_ptr(nullprov))
  1700. goto err;
  1701. /*
  1702. * We check for certain algos in the null provider.
  1703. * If an algo is expected to have a provider keymgmt, contructing an
  1704. * EVP_PKEY_CTX is expected to fail (return NULL).
  1705. * Otherwise, if it's expected to have legacy support, contructing an
  1706. * EVP_PKEY_CTX is expected to succeed (return non-NULL).
  1707. */
  1708. switch (tst) {
  1709. case 0:
  1710. keytype = "RSA";
  1711. expect_null = 1;
  1712. break;
  1713. case 1:
  1714. keytype = "SM2";
  1715. expect_null = 1;
  1716. #ifdef OPENSSL_NO_EC
  1717. TEST_info("EC disable, skipping SM2 check...");
  1718. goto end;
  1719. #endif
  1720. #ifdef OPENSSL_NO_SM2
  1721. TEST_info("SM2 disable, skipping SM2 check...");
  1722. goto end;
  1723. #endif
  1724. break;
  1725. default:
  1726. TEST_error("No test for case %d", tst);
  1727. goto err;
  1728. }
  1729. pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
  1730. if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
  1731. goto err;
  1732. #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
  1733. end:
  1734. #endif
  1735. ret = 1;
  1736. err:
  1737. EVP_PKEY_CTX_free(pctx);
  1738. OSSL_PROVIDER_unload(nullprov);
  1739. OSSL_LIB_CTX_free(tmpctx);
  1740. return ret;
  1741. }
  1742. static int test_rand_agglomeration(void)
  1743. {
  1744. EVP_RAND *rand;
  1745. EVP_RAND_CTX *ctx;
  1746. OSSL_PARAM params[3], *p = params;
  1747. int res;
  1748. unsigned int step = 7;
  1749. static unsigned char seed[] = "It does not matter how slowly you go "
  1750. "as long as you do not stop.";
  1751. unsigned char out[sizeof(seed)];
  1752. if (!TEST_int_ne(sizeof(seed) % step, 0)
  1753. || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
  1754. return 0;
  1755. ctx = EVP_RAND_CTX_new(rand, NULL);
  1756. EVP_RAND_free(rand);
  1757. if (!TEST_ptr(ctx))
  1758. return 0;
  1759. memset(out, 0, sizeof(out));
  1760. *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
  1761. seed, sizeof(seed));
  1762. *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
  1763. *p = OSSL_PARAM_construct_end();
  1764. res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
  1765. && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
  1766. && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
  1767. EVP_RAND_CTX_free(ctx);
  1768. return res;
  1769. }
  1770. /*
  1771. * Test that we correctly return the original or "running" IV after
  1772. * an encryption operation.
  1773. * Run multiple times for some different relevant algorithms/modes.
  1774. */
  1775. static int test_evp_iv(int idx)
  1776. {
  1777. int ret = 0;
  1778. EVP_CIPHER_CTX *ctx = NULL;
  1779. unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
  1780. 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
  1781. unsigned char init_iv[EVP_MAX_IV_LENGTH] =
  1782. {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
  1783. 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
  1784. static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
  1785. 9, 10, 11, 12, 13, 14, 15, 16 };
  1786. unsigned char ciphertext[32], oiv[16], iv[16];
  1787. unsigned char *ref_iv;
  1788. unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
  1789. 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
  1790. unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
  1791. 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
  1792. unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
  1793. 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
  1794. unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
  1795. #ifndef OPENSSL_NO_OCB
  1796. unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
  1797. 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
  1798. #endif
  1799. int len = sizeof(ciphertext);
  1800. size_t ivlen, ref_len;
  1801. const EVP_CIPHER *type = NULL;
  1802. switch(idx) {
  1803. case 0:
  1804. type = EVP_aes_128_cbc();
  1805. /* FALLTHROUGH */
  1806. case 5:
  1807. type = (type != NULL) ? type :
  1808. EVP_CIPHER_fetch(testctx, "aes-128-cbc", NULL);
  1809. ref_iv = cbc_state;
  1810. ref_len = sizeof(cbc_state);
  1811. break;
  1812. case 1:
  1813. type = EVP_aes_128_ofb();
  1814. /* FALLTHROUGH */
  1815. case 6:
  1816. type = (type != NULL) ? type :
  1817. EVP_CIPHER_fetch(testctx, "aes-128-ofb", NULL);
  1818. ref_iv = ofb_state;
  1819. ref_len = sizeof(ofb_state);
  1820. break;
  1821. case 2:
  1822. type = EVP_aes_128_gcm();
  1823. /* FALLTHROUGH */
  1824. case 7:
  1825. type = (type != NULL) ? type :
  1826. EVP_CIPHER_fetch(testctx, "aes-128-gcm", NULL);
  1827. ref_iv = gcm_state;
  1828. ref_len = sizeof(gcm_state);
  1829. break;
  1830. case 3:
  1831. type = EVP_aes_128_ccm();
  1832. /* FALLTHROUGH */
  1833. case 8:
  1834. type = (type != NULL) ? type :
  1835. EVP_CIPHER_fetch(testctx, "aes-128-ccm", NULL);
  1836. ref_iv = ccm_state;
  1837. ref_len = sizeof(ccm_state);
  1838. break;
  1839. #ifdef OPENSSL_NO_OCB
  1840. case 4:
  1841. case 9:
  1842. return 1;
  1843. #else
  1844. case 4:
  1845. type = EVP_aes_128_ocb();
  1846. /* FALLTHROUGH */
  1847. case 9:
  1848. type = (type != NULL) ? type :
  1849. EVP_CIPHER_fetch(testctx, "aes-128-ocb", NULL);
  1850. ref_iv = ocb_state;
  1851. ref_len = sizeof(ocb_state);
  1852. break;
  1853. #endif
  1854. default:
  1855. return 0;
  1856. }
  1857. if (!TEST_ptr(type)
  1858. || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
  1859. || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
  1860. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
  1861. (int)sizeof(msg)))
  1862. || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx, oiv, sizeof(oiv)))
  1863. || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx, iv, sizeof(iv)))
  1864. || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
  1865. goto err;
  1866. ivlen = EVP_CIPHER_CTX_iv_length(ctx);
  1867. if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
  1868. || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
  1869. goto err;
  1870. ret = 1;
  1871. err:
  1872. EVP_CIPHER_CTX_free(ctx);
  1873. if (idx >= 5)
  1874. EVP_CIPHER_free((EVP_CIPHER *)type);
  1875. return ret;
  1876. }
  1877. int setup_tests(void)
  1878. {
  1879. testctx = OSSL_LIB_CTX_new();
  1880. if (!TEST_ptr(testctx))
  1881. return 0;
  1882. ADD_TEST(test_EVP_set_default_properties);
  1883. ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
  1884. ADD_TEST(test_EVP_DigestVerifyInit);
  1885. ADD_TEST(test_EVP_Digest);
  1886. ADD_TEST(test_EVP_Enveloped);
  1887. ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
  1888. ADD_TEST(test_privatekey_to_pkcs8);
  1889. #ifndef OPENSSL_NO_EC
  1890. ADD_TEST(test_EVP_PKCS82PKEY);
  1891. #endif
  1892. #ifndef OPENSSL_NO_EC
  1893. ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
  1894. #endif
  1895. #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
  1896. ADD_TEST(test_EVP_SM2);
  1897. ADD_TEST(test_EVP_SM2_verify);
  1898. #endif
  1899. ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
  1900. #ifndef OPENSSL_NO_DEPRECATED_3_0
  1901. custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
  1902. if (!TEST_ptr(custom_pmeth))
  1903. return 0;
  1904. EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
  1905. EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
  1906. EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
  1907. if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
  1908. return 0;
  1909. #endif
  1910. ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
  1911. #ifndef OPENSSL_NO_CMAC
  1912. ADD_TEST(test_CMAC_keygen);
  1913. #endif
  1914. ADD_TEST(test_HKDF);
  1915. ADD_TEST(test_emptyikm_HKDF);
  1916. #ifndef OPENSSL_NO_EC
  1917. ADD_TEST(test_X509_PUBKEY_inplace);
  1918. ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
  1919. OSSL_NELEM(ec_der_pub_keys));
  1920. #endif
  1921. #ifndef OPENSSL_NO_DSA
  1922. ADD_TEST(test_DSA_get_set_params);
  1923. #endif
  1924. ADD_TEST(test_RSA_get_set_params);
  1925. #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  1926. ADD_TEST(test_decrypt_null_chunks);
  1927. #endif
  1928. #if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0)
  1929. ADD_TEST(test_EVP_PKEY_set1_DH);
  1930. #endif
  1931. ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
  1932. ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
  1933. ADD_TEST(test_rand_agglomeration);
  1934. ADD_ALL_TESTS(test_evp_iv, 10);
  1935. return 1;
  1936. }
  1937. void cleanup_tests(void)
  1938. {
  1939. OSSL_LIB_CTX_free(testctx);
  1940. }