evp_extra_test.c 67 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865
  1. /*
  2. * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <stdlib.h>
  11. #include <string.h>
  12. #include <openssl/bio.h>
  13. #include <openssl/conf.h>
  14. #include <openssl/crypto.h>
  15. #include <openssl/err.h>
  16. #include <openssl/evp.h>
  17. #include <openssl/rsa.h>
  18. #include <openssl/x509.h>
  19. #include <openssl/pem.h>
  20. #include <openssl/kdf.h>
  21. #include <openssl/provider.h>
  22. #include <openssl/core_names.h>
  23. #include <openssl/params.h>
  24. #include <openssl/dsa.h>
  25. #include <openssl/dh.h>
  26. #include "testutil.h"
  27. #include "internal/nelem.h"
  28. #include "internal/sizes.h"
  29. #include "crypto/evp.h"
  30. static OPENSSL_CTX *testctx = NULL;
  31. /*
  32. * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
  33. * should never use this key anywhere but in an example.
  34. */
  35. static const unsigned char kExampleRSAKeyDER[] = {
  36. 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
  37. 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
  38. 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
  39. 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
  40. 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
  41. 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
  42. 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
  43. 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
  44. 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
  45. 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
  46. 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
  47. 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
  48. 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
  49. 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
  50. 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
  51. 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
  52. 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
  53. 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
  54. 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
  55. 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
  56. 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
  57. 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
  58. 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
  59. 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
  60. 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
  61. 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
  62. 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
  63. 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
  64. 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
  65. 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
  66. 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
  67. 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
  68. 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
  69. 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
  70. 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
  71. 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
  72. 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
  73. 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
  74. 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
  75. 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
  76. 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
  77. 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
  78. 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
  79. 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
  80. 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
  81. 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
  82. 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
  83. 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
  84. 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
  85. 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
  86. 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
  87. };
  88. /*
  89. * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
  90. * should never use this key anywhere but in an example.
  91. */
  92. #ifndef OPENSSL_NO_DSA
  93. static const unsigned char kExampleDSAKeyDER[] = {
  94. 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
  95. 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
  96. 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
  97. 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
  98. 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
  99. 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
  100. 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
  101. 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
  102. 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
  103. 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
  104. 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
  105. 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
  106. 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
  107. 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
  108. 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
  109. 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
  110. 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
  111. 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
  112. 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
  113. 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
  114. 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
  115. 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
  116. 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
  117. 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
  118. 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
  119. 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
  120. 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
  121. 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
  122. 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
  123. 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
  124. 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
  125. 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
  126. 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
  127. 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
  128. 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
  129. 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
  130. 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
  131. 0x40, 0x48
  132. };
  133. #endif
  134. /*
  135. * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
  136. * components are not correct.
  137. */
  138. static const unsigned char kExampleBadRSAKeyDER[] = {
  139. 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
  140. 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
  141. 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
  142. 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
  143. 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
  144. 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
  145. 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
  146. 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
  147. 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
  148. 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
  149. 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
  150. 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
  151. 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
  152. 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
  153. 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
  154. 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
  155. 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
  156. 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
  157. 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
  158. 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
  159. 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
  160. 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
  161. 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
  162. 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
  163. 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
  164. 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
  165. 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
  166. 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
  167. 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
  168. 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
  169. 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
  170. 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
  171. 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
  172. 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
  173. 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
  174. 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
  175. 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
  176. 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
  177. 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
  178. 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
  179. 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
  180. 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
  181. 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
  182. 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
  183. 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
  184. 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
  185. 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
  186. 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
  187. 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
  188. 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
  189. 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
  190. 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
  191. 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
  192. 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
  193. 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
  194. 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
  195. 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
  196. 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
  197. 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
  198. 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
  199. 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
  200. 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
  201. 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
  202. 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
  203. 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
  204. 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
  205. 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
  206. 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
  207. 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
  208. 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
  209. 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
  210. 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
  211. 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
  212. 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
  213. 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
  214. 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
  215. 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
  216. 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
  217. 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
  218. 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
  219. 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
  220. 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
  221. 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
  222. 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
  223. 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
  224. 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
  225. 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
  226. 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
  227. 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
  228. };
  229. static const unsigned char kMsg[] = { 1, 2, 3, 4 };
  230. static const unsigned char kSignature[] = {
  231. 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
  232. 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
  233. 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
  234. 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
  235. 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
  236. 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
  237. 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
  238. 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
  239. 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
  240. 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
  241. 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
  242. };
  243. /*
  244. * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
  245. * PrivateKeyInfo.
  246. */
  247. static const unsigned char kExampleRSAKeyPKCS8[] = {
  248. 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
  249. 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
  250. 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
  251. 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
  252. 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
  253. 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
  254. 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
  255. 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
  256. 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
  257. 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
  258. 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
  259. 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
  260. 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
  261. 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
  262. 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
  263. 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
  264. 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
  265. 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
  266. 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
  267. 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
  268. 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
  269. 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
  270. 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
  271. 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
  272. 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
  273. 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
  274. 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
  275. 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
  276. 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
  277. 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
  278. 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
  279. 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
  280. 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
  281. 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
  282. 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
  283. 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
  284. 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
  285. 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
  286. 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
  287. 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
  288. 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
  289. 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
  290. 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
  291. 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
  292. 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
  293. 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
  294. 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
  295. 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
  296. 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
  297. 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
  298. 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
  299. 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
  300. 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
  301. };
  302. #ifndef OPENSSL_NO_EC
  303. /*
  304. * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
  305. * structure.
  306. */
  307. static const unsigned char kExampleECKeyDER[] = {
  308. 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
  309. 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
  310. 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
  311. 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
  312. 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
  313. 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
  314. 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
  315. 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
  316. 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
  317. 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
  318. 0xc1,
  319. };
  320. /*
  321. * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
  322. * structure. The private key is equal to the order and will fail to import
  323. */
  324. static const unsigned char kExampleBadECKeyDER[] = {
  325. 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
  326. 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
  327. 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
  328. 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  329. 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
  330. 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
  331. 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
  332. 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
  333. 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
  334. };
  335. /* prime256v1 */
  336. static const unsigned char kExampleECPubKeyDER[] = {
  337. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  338. 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
  339. 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
  340. 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
  341. 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
  342. 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
  343. 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
  344. 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
  345. };
  346. /*
  347. * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
  348. * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
  349. */
  350. static const unsigned char kExampleBadECPubKeyDER[] = {
  351. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  352. 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
  353. 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
  354. 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
  355. 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
  356. 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
  357. 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
  358. 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
  359. };
  360. static const unsigned char pExampleECParamDER[] = {
  361. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
  362. };
  363. #endif
  364. typedef struct APK_DATA_st {
  365. const unsigned char *kder;
  366. size_t size;
  367. int evptype;
  368. int check;
  369. int pub_check;
  370. int param_check;
  371. int type; /* 0 for private, 1 for public, 2 for params */
  372. } APK_DATA;
  373. static APK_DATA keydata[] = {
  374. {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
  375. {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
  376. #ifndef OPENSSL_NO_EC
  377. {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
  378. #endif
  379. };
  380. static APK_DATA keycheckdata[] = {
  381. {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
  382. {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
  383. 0, -2, -2, 0},
  384. #ifndef OPENSSL_NO_EC
  385. {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
  386. /* group is also associated in our pub key */
  387. {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
  388. {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
  389. #endif
  390. };
  391. static EVP_PKEY *load_example_rsa_key(void)
  392. {
  393. EVP_PKEY *ret = NULL;
  394. const unsigned char *derp = kExampleRSAKeyDER;
  395. EVP_PKEY *pkey = NULL;
  396. RSA *rsa = NULL;
  397. if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
  398. return NULL;
  399. if (!TEST_ptr(pkey = EVP_PKEY_new())
  400. || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
  401. goto end;
  402. ret = pkey;
  403. pkey = NULL;
  404. end:
  405. EVP_PKEY_free(pkey);
  406. RSA_free(rsa);
  407. return ret;
  408. }
  409. #ifndef OPENSSL_NO_DSA
  410. static EVP_PKEY *load_example_dsa_key(void)
  411. {
  412. EVP_PKEY *ret = NULL;
  413. const unsigned char *derp = kExampleDSAKeyDER;
  414. EVP_PKEY *pkey = NULL;
  415. DSA *dsa = NULL;
  416. if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER))))
  417. return NULL;
  418. if (!TEST_ptr(pkey = EVP_PKEY_new())
  419. || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa)))
  420. goto end;
  421. ret = pkey;
  422. pkey = NULL;
  423. end:
  424. EVP_PKEY_free(pkey);
  425. DSA_free(dsa);
  426. return ret;
  427. }
  428. #endif
  429. static EVP_PKEY *load_example_hmac_key(void)
  430. {
  431. EVP_PKEY *pkey = NULL;
  432. unsigned char key[] = {
  433. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  434. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  435. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
  436. };
  437. pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, key, sizeof(key));
  438. if (!TEST_ptr(pkey))
  439. return NULL;
  440. return pkey;
  441. }
  442. static int test_EVP_set_default_properties(void)
  443. {
  444. OPENSSL_CTX *ctx;
  445. EVP_MD *md = NULL;
  446. int res = 0;
  447. if (!TEST_ptr(ctx = OPENSSL_CTX_new())
  448. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
  449. goto err;
  450. EVP_MD_free(md);
  451. md = NULL;
  452. if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
  453. || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
  454. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
  455. goto err;
  456. EVP_MD_free(md);
  457. md = NULL;
  458. if (!TEST_true(EVP_set_default_properties(ctx, NULL))
  459. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
  460. goto err;
  461. res = 1;
  462. err:
  463. EVP_MD_free(md);
  464. OPENSSL_CTX_free(ctx);
  465. return res;
  466. }
  467. static int test_EVP_Enveloped(void)
  468. {
  469. int ret = 0;
  470. EVP_CIPHER_CTX *ctx = NULL;
  471. EVP_PKEY *keypair = NULL;
  472. unsigned char *kek = NULL;
  473. unsigned char iv[EVP_MAX_IV_LENGTH];
  474. static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
  475. int len, kek_len, ciphertext_len, plaintext_len;
  476. unsigned char ciphertext[32], plaintext[16];
  477. const EVP_CIPHER *type = EVP_aes_256_cbc();
  478. if (!TEST_ptr(keypair = load_example_rsa_key())
  479. || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
  480. || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  481. || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
  482. &keypair, 1))
  483. || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
  484. msg, sizeof(msg)))
  485. || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
  486. &len)))
  487. goto err;
  488. ciphertext_len += len;
  489. if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
  490. || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
  491. ciphertext, ciphertext_len))
  492. || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
  493. goto err;
  494. plaintext_len += len;
  495. if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
  496. goto err;
  497. ret = 1;
  498. err:
  499. OPENSSL_free(kek);
  500. EVP_PKEY_free(keypair);
  501. EVP_CIPHER_CTX_free(ctx);
  502. return ret;
  503. }
  504. /*
  505. * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
  506. * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
  507. * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
  508. * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
  509. * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
  510. * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
  511. * Test 6: Use an MD BIO to do the Update calls instead (RSA)
  512. * Test 7: Use an MD BIO to do the Update calls instead (DSA)
  513. * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
  514. */
  515. static int test_EVP_DigestSignInit(int tst)
  516. {
  517. int ret = 0;
  518. EVP_PKEY *pkey = NULL;
  519. unsigned char *sig = NULL;
  520. size_t sig_len = 0;
  521. EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
  522. EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
  523. BIO *mdbio = NULL, *membio = NULL;
  524. size_t written;
  525. const EVP_MD *md;
  526. EVP_MD *mdexp = NULL;
  527. if (tst >= 6) {
  528. membio = BIO_new(BIO_s_mem());
  529. mdbio = BIO_new(BIO_f_md());
  530. if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
  531. goto out;
  532. BIO_push(mdbio, membio);
  533. if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
  534. goto out;
  535. } else {
  536. if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
  537. || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
  538. goto out;
  539. }
  540. if (tst == 0 || tst == 3 || tst == 6) {
  541. if (!TEST_ptr(pkey = load_example_rsa_key()))
  542. goto out;
  543. } else if (tst == 1 || tst == 4 || tst == 7) {
  544. #ifndef OPENSSL_NO_DSA
  545. if (!TEST_ptr(pkey = load_example_dsa_key()))
  546. goto out;
  547. #else
  548. ret = 1;
  549. goto out;
  550. #endif
  551. } else {
  552. if (!TEST_ptr(pkey = load_example_hmac_key()))
  553. goto out;
  554. }
  555. if (tst >= 3 && tst <= 5)
  556. md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
  557. else
  558. md = EVP_sha256();
  559. if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
  560. goto out;
  561. if (tst >= 6) {
  562. if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
  563. goto out;
  564. } else {
  565. if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
  566. goto out;
  567. }
  568. /* Determine the size of the signature. */
  569. if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
  570. || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
  571. || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
  572. goto out;
  573. if (tst >= 6) {
  574. if (!TEST_int_gt(BIO_reset(mdbio), 0)
  575. || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
  576. goto out;
  577. }
  578. /*
  579. * Ensure that the signature round-trips (Verification isn't supported for
  580. * HMAC via EVP_DigestVerify*)
  581. */
  582. if (tst != 2 && tst != 5 && tst != 8) {
  583. if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
  584. NULL, pkey)))
  585. goto out;
  586. if (tst >= 6) {
  587. if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
  588. goto out;
  589. } else {
  590. if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
  591. sizeof(kMsg))))
  592. goto out;
  593. }
  594. if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
  595. goto out;
  596. }
  597. ret = 1;
  598. out:
  599. BIO_free(membio);
  600. BIO_free(mdbio);
  601. EVP_MD_CTX_free(a_md_ctx);
  602. EVP_MD_CTX_free(a_md_ctx_verify);
  603. EVP_PKEY_free(pkey);
  604. OPENSSL_free(sig);
  605. EVP_MD_free(mdexp);
  606. return ret;
  607. }
  608. static int test_EVP_DigestVerifyInit(void)
  609. {
  610. int ret = 0;
  611. EVP_PKEY *pkey = NULL;
  612. EVP_MD_CTX *md_ctx = NULL;
  613. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
  614. || !TEST_ptr(pkey = load_example_rsa_key()))
  615. goto out;
  616. if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
  617. || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
  618. || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
  619. sizeof(kSignature))))
  620. goto out;
  621. ret = 1;
  622. out:
  623. EVP_MD_CTX_free(md_ctx);
  624. EVP_PKEY_free(pkey);
  625. return ret;
  626. }
  627. static int test_d2i_AutoPrivateKey(int i)
  628. {
  629. int ret = 0;
  630. const unsigned char *p;
  631. EVP_PKEY *pkey = NULL;
  632. const APK_DATA *ak = &keydata[i];
  633. const unsigned char *input = ak->kder;
  634. size_t input_len = ak->size;
  635. int expected_id = ak->evptype;
  636. p = input;
  637. if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
  638. || !TEST_ptr_eq(p, input + input_len)
  639. || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
  640. goto done;
  641. ret = 1;
  642. done:
  643. EVP_PKEY_free(pkey);
  644. return ret;
  645. }
  646. #ifndef OPENSSL_NO_EC
  647. static const unsigned char ec_public_sect163k1_validxy[] = {
  648. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  649. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  650. 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  651. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
  652. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  653. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
  654. };
  655. static const unsigned char ec_public_sect163k1_badx[] = {
  656. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  657. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  658. 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  659. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
  660. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  661. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
  662. };
  663. static const unsigned char ec_public_sect163k1_bady[] = {
  664. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  665. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  666. 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  667. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
  668. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  669. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
  670. };
  671. static struct ec_der_pub_keys_st {
  672. const unsigned char *der;
  673. size_t len;
  674. int valid;
  675. } ec_der_pub_keys[] = {
  676. { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
  677. { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
  678. { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
  679. };
  680. /*
  681. * Tests the range of the decoded EC char2 public point.
  682. * See ec_GF2m_simple_oct2point().
  683. */
  684. static int test_invalide_ec_char2_pub_range_decode(int id)
  685. {
  686. int ret = 0;
  687. BIO *bio = NULL;
  688. EC_KEY *eckey = NULL;
  689. if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
  690. ec_der_pub_keys[id].len)))
  691. goto err;
  692. eckey = d2i_EC_PUBKEY_bio(bio, NULL);
  693. ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
  694. || TEST_ptr_null(eckey);
  695. err:
  696. EC_KEY_free(eckey);
  697. BIO_free(bio);
  698. return ret;
  699. }
  700. /* Tests loading a bad key in PKCS8 format */
  701. static int test_EVP_PKCS82PKEY(void)
  702. {
  703. int ret = 0;
  704. const unsigned char *derp = kExampleBadECKeyDER;
  705. PKCS8_PRIV_KEY_INFO *p8inf = NULL;
  706. EVP_PKEY *pkey = NULL;
  707. if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
  708. sizeof(kExampleBadECKeyDER))))
  709. goto done;
  710. if (!TEST_ptr_eq(derp,
  711. kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
  712. goto done;
  713. if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
  714. goto done;
  715. ret = 1;
  716. done:
  717. PKCS8_PRIV_KEY_INFO_free(p8inf);
  718. EVP_PKEY_free(pkey);
  719. return ret;
  720. }
  721. #endif
  722. /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
  723. static int test_privatekey_to_pkcs8(void)
  724. {
  725. EVP_PKEY *pkey = NULL;
  726. BIO *membio = NULL;
  727. char *membuf = NULL;
  728. long membuf_len = 0;
  729. int ok = 0;
  730. if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
  731. || !TEST_ptr(pkey = load_example_rsa_key())
  732. || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
  733. NULL, 0, NULL, NULL),
  734. 0)
  735. || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
  736. || !TEST_ptr(membuf)
  737. || !TEST_mem_eq(membuf, (size_t)membuf_len,
  738. kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
  739. /*
  740. * We try to write PEM as well, just to see that it doesn't err, but
  741. * assume that the result is correct.
  742. */
  743. || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
  744. NULL, 0, NULL, NULL),
  745. 0))
  746. goto done;
  747. ok = 1;
  748. done:
  749. EVP_PKEY_free(pkey);
  750. BIO_free_all(membio);
  751. return ok;
  752. }
  753. #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
  754. static int test_EVP_SM2_verify(void)
  755. {
  756. /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
  757. const char *pubkey =
  758. "-----BEGIN PUBLIC KEY-----\n"
  759. "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
  760. "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
  761. "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
  762. "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
  763. "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
  764. "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
  765. "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
  766. "-----END PUBLIC KEY-----\n";
  767. const char *msg = "message digest";
  768. const char *id = "ALICE123@YAHOO.COM";
  769. const uint8_t signature[] = {
  770. 0x30, 0x44, 0x02, 0x20,
  771. 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
  772. 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
  773. 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
  774. 0x02, 0x20,
  775. 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
  776. 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
  777. 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
  778. };
  779. int rc = 0;
  780. BIO *bio = NULL;
  781. EVP_PKEY *pkey = NULL;
  782. EVP_MD_CTX *mctx = NULL;
  783. EVP_PKEY_CTX *pctx = NULL;
  784. bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
  785. if (!TEST_true(bio != NULL))
  786. goto done;
  787. pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
  788. if (!TEST_true(pkey != NULL))
  789. goto done;
  790. if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
  791. goto done;
  792. if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
  793. goto done;
  794. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
  795. goto done;
  796. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
  797. strlen(id)), 0))
  798. goto done;
  799. EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
  800. if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
  801. goto done;
  802. if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
  803. goto done;
  804. if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
  805. goto done;
  806. rc = 1;
  807. done:
  808. BIO_free(bio);
  809. EVP_PKEY_free(pkey);
  810. EVP_PKEY_CTX_free(pctx);
  811. EVP_MD_CTX_free(mctx);
  812. return rc;
  813. }
  814. static int test_EVP_SM2(void)
  815. {
  816. int ret = 0;
  817. EVP_PKEY *pkey = NULL;
  818. EVP_PKEY *params = NULL;
  819. EVP_PKEY_CTX *pctx = NULL;
  820. EVP_PKEY_CTX *kctx = NULL;
  821. EVP_PKEY_CTX *sctx = NULL;
  822. size_t sig_len = 0;
  823. unsigned char *sig = NULL;
  824. EVP_MD_CTX *md_ctx = NULL;
  825. EVP_MD_CTX *md_ctx_verify = NULL;
  826. EVP_PKEY_CTX *cctx = NULL;
  827. uint8_t ciphertext[128];
  828. size_t ctext_len = sizeof(ciphertext);
  829. uint8_t plaintext[8];
  830. size_t ptext_len = sizeof(plaintext);
  831. uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
  832. pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
  833. if (!TEST_ptr(pctx))
  834. goto done;
  835. if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
  836. goto done;
  837. if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
  838. goto done;
  839. if (!TEST_true(EVP_PKEY_paramgen(pctx, &params)))
  840. goto done;
  841. kctx = EVP_PKEY_CTX_new(params, NULL);
  842. if (!TEST_ptr(kctx))
  843. goto done;
  844. if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
  845. goto done;
  846. if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
  847. goto done;
  848. if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
  849. goto done;
  850. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
  851. goto done;
  852. if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
  853. goto done;
  854. if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
  855. goto done;
  856. EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
  857. EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
  858. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
  859. goto done;
  860. if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
  861. goto done;
  862. if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
  863. goto done;
  864. /* Determine the size of the signature. */
  865. if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
  866. goto done;
  867. if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
  868. goto done;
  869. if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
  870. goto done;
  871. /* Ensure that the signature round-trips. */
  872. if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
  873. goto done;
  874. if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
  875. goto done;
  876. if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
  877. goto done;
  878. /* now check encryption/decryption */
  879. if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
  880. goto done;
  881. if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
  882. goto done;
  883. if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
  884. goto done;
  885. if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
  886. goto done;
  887. if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
  888. goto done;
  889. if (!TEST_true(ptext_len == sizeof(kMsg)))
  890. goto done;
  891. if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
  892. goto done;
  893. ret = 1;
  894. done:
  895. EVP_PKEY_CTX_free(pctx);
  896. EVP_PKEY_CTX_free(kctx);
  897. EVP_PKEY_CTX_free(sctx);
  898. EVP_PKEY_CTX_free(cctx);
  899. EVP_PKEY_free(pkey);
  900. EVP_PKEY_free(params);
  901. EVP_MD_CTX_free(md_ctx);
  902. EVP_MD_CTX_free(md_ctx_verify);
  903. OPENSSL_free(sig);
  904. return ret;
  905. }
  906. #endif
  907. static struct keys_st {
  908. int type;
  909. char *priv;
  910. char *pub;
  911. } keys[] = {
  912. {
  913. EVP_PKEY_HMAC, "0123456789", NULL
  914. }, {
  915. EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
  916. }, {
  917. EVP_PKEY_SIPHASH, "0123456789012345", NULL
  918. },
  919. #ifndef OPENSSL_NO_EC
  920. {
  921. EVP_PKEY_X25519, "01234567890123456789012345678901",
  922. "abcdefghijklmnopqrstuvwxyzabcdef"
  923. }, {
  924. EVP_PKEY_ED25519, "01234567890123456789012345678901",
  925. "abcdefghijklmnopqrstuvwxyzabcdef"
  926. }, {
  927. EVP_PKEY_X448,
  928. "01234567890123456789012345678901234567890123456789012345",
  929. "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
  930. }, {
  931. EVP_PKEY_ED448,
  932. "012345678901234567890123456789012345678901234567890123456",
  933. "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
  934. }
  935. #endif
  936. };
  937. static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
  938. {
  939. int ret = 0;
  940. unsigned char buf[80];
  941. unsigned char *in;
  942. size_t inlen, len = 0;
  943. EVP_PKEY *pkey;
  944. /* Check if this algorithm supports public keys */
  945. if (keys[tst].pub == NULL)
  946. return 1;
  947. memset(buf, 0, sizeof(buf));
  948. if (pub) {
  949. inlen = strlen(keys[tst].pub);
  950. in = (unsigned char *)keys[tst].pub;
  951. if (uselibctx) {
  952. pkey = EVP_PKEY_new_raw_public_key_with_libctx(
  953. testctx,
  954. OBJ_nid2sn(keys[tst].type),
  955. NULL,
  956. in,
  957. inlen);
  958. } else {
  959. pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
  960. NULL,
  961. in,
  962. inlen);
  963. }
  964. } else {
  965. inlen = strlen(keys[tst].priv);
  966. in = (unsigned char *)keys[tst].priv;
  967. if (uselibctx) {
  968. pkey = EVP_PKEY_new_raw_private_key_with_libctx(
  969. testctx, OBJ_nid2sn(keys[tst].type),
  970. NULL,
  971. in,
  972. inlen);
  973. } else {
  974. pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
  975. NULL,
  976. in,
  977. inlen);
  978. }
  979. }
  980. if (!TEST_ptr(pkey)
  981. || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
  982. || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
  983. || !TEST_true(len == inlen)
  984. || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
  985. || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
  986. || !TEST_mem_eq(in, inlen, buf, len))
  987. goto done;
  988. ret = 1;
  989. done:
  990. EVP_PKEY_free(pkey);
  991. return ret;
  992. }
  993. static int test_set_get_raw_keys(int tst)
  994. {
  995. return test_set_get_raw_keys_int(tst, 0, 0)
  996. && test_set_get_raw_keys_int(tst, 0, 1)
  997. && test_set_get_raw_keys_int(tst, 1, 0)
  998. && test_set_get_raw_keys_int(tst, 1, 1);
  999. }
  1000. static int pkey_custom_check(EVP_PKEY *pkey)
  1001. {
  1002. return 0xbeef;
  1003. }
  1004. static int pkey_custom_pub_check(EVP_PKEY *pkey)
  1005. {
  1006. return 0xbeef;
  1007. }
  1008. static int pkey_custom_param_check(EVP_PKEY *pkey)
  1009. {
  1010. return 0xbeef;
  1011. }
  1012. static EVP_PKEY_METHOD *custom_pmeth;
  1013. static int test_EVP_PKEY_check(int i)
  1014. {
  1015. int ret = 0;
  1016. const unsigned char *p;
  1017. EVP_PKEY *pkey = NULL;
  1018. #ifndef OPENSSL_NO_EC
  1019. EC_KEY *eckey = NULL;
  1020. #endif
  1021. EVP_PKEY_CTX *ctx = NULL;
  1022. EVP_PKEY_CTX *ctx2 = NULL;
  1023. const APK_DATA *ak = &keycheckdata[i];
  1024. const unsigned char *input = ak->kder;
  1025. size_t input_len = ak->size;
  1026. int expected_id = ak->evptype;
  1027. int expected_check = ak->check;
  1028. int expected_pub_check = ak->pub_check;
  1029. int expected_param_check = ak->param_check;
  1030. int type = ak->type;
  1031. BIO *pubkey = NULL;
  1032. p = input;
  1033. switch (type) {
  1034. case 0:
  1035. if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
  1036. || !TEST_ptr_eq(p, input + input_len)
  1037. || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
  1038. goto done;
  1039. break;
  1040. #ifndef OPENSSL_NO_EC
  1041. case 1:
  1042. if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
  1043. || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
  1044. || !TEST_ptr(pkey = EVP_PKEY_new())
  1045. || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
  1046. goto done;
  1047. break;
  1048. case 2:
  1049. if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
  1050. || !TEST_ptr_eq(p, input + input_len)
  1051. || !TEST_ptr(pkey = EVP_PKEY_new())
  1052. || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
  1053. goto done;
  1054. break;
  1055. #endif
  1056. default:
  1057. return 0;
  1058. }
  1059. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
  1060. goto done;
  1061. if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
  1062. goto done;
  1063. if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
  1064. goto done;
  1065. if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
  1066. goto done;
  1067. ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
  1068. /* assign the pkey directly, as an internal test */
  1069. EVP_PKEY_up_ref(pkey);
  1070. ctx2->pkey = pkey;
  1071. if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
  1072. goto done;
  1073. if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
  1074. goto done;
  1075. if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
  1076. goto done;
  1077. ret = 1;
  1078. done:
  1079. EVP_PKEY_CTX_free(ctx);
  1080. EVP_PKEY_CTX_free(ctx2);
  1081. EVP_PKEY_free(pkey);
  1082. BIO_free(pubkey);
  1083. return ret;
  1084. }
  1085. #ifndef OPENSSL_NO_CMAC
  1086. static int test_CMAC_keygen(void)
  1087. {
  1088. /*
  1089. * This is a legacy method for CMACs, but should still work.
  1090. * This verifies that it works without an ENGINE.
  1091. */
  1092. EVP_PKEY_CTX *kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
  1093. int ret = 0;
  1094. if (!TEST_true(EVP_PKEY_keygen_init(kctx) > 0)
  1095. && !TEST_true(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
  1096. EVP_PKEY_CTRL_CIPHER,
  1097. 0, (void *)EVP_aes_256_ecb()) > 0))
  1098. goto done;
  1099. ret = 1;
  1100. done:
  1101. EVP_PKEY_CTX_free(kctx);
  1102. return ret;
  1103. }
  1104. #endif
  1105. static int test_HKDF(void)
  1106. {
  1107. EVP_PKEY_CTX *pctx;
  1108. unsigned char out[20];
  1109. size_t outlen;
  1110. int i, ret = 0;
  1111. unsigned char salt[] = "0123456789";
  1112. unsigned char key[] = "012345678901234567890123456789";
  1113. unsigned char info[] = "infostring";
  1114. const unsigned char expected[] = {
  1115. 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
  1116. 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
  1117. };
  1118. size_t expectedlen = sizeof(expected);
  1119. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
  1120. goto done;
  1121. /* We do this twice to test reuse of the EVP_PKEY_CTX */
  1122. for (i = 0; i < 2; i++) {
  1123. outlen = sizeof(out);
  1124. memset(out, 0, outlen);
  1125. if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
  1126. || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
  1127. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
  1128. sizeof(salt) - 1), 0)
  1129. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
  1130. sizeof(key) - 1), 0)
  1131. || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
  1132. sizeof(info) - 1), 0)
  1133. || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
  1134. || !TEST_mem_eq(out, outlen, expected, expectedlen))
  1135. goto done;
  1136. }
  1137. ret = 1;
  1138. done:
  1139. EVP_PKEY_CTX_free(pctx);
  1140. return ret;
  1141. }
  1142. static int test_emptyikm_HKDF(void)
  1143. {
  1144. EVP_PKEY_CTX *pctx;
  1145. unsigned char out[20];
  1146. size_t outlen;
  1147. int ret = 0;
  1148. unsigned char salt[] = "9876543210";
  1149. unsigned char key[] = "";
  1150. unsigned char info[] = "stringinfo";
  1151. const unsigned char expected[] = {
  1152. 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
  1153. 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
  1154. };
  1155. size_t expectedlen = sizeof(expected);
  1156. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
  1157. goto done;
  1158. outlen = sizeof(out);
  1159. memset(out, 0, outlen);
  1160. if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
  1161. || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
  1162. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
  1163. sizeof(salt) - 1), 0)
  1164. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
  1165. sizeof(key) - 1), 0)
  1166. || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
  1167. sizeof(info) - 1), 0)
  1168. || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
  1169. || !TEST_mem_eq(out, outlen, expected, expectedlen))
  1170. goto done;
  1171. ret = 1;
  1172. done:
  1173. EVP_PKEY_CTX_free(pctx);
  1174. return ret;
  1175. }
  1176. #ifndef OPENSSL_NO_EC
  1177. static int test_X509_PUBKEY_inplace(void)
  1178. {
  1179. int ret = 0;
  1180. X509_PUBKEY *xp = NULL;
  1181. const unsigned char *p = kExampleECPubKeyDER;
  1182. size_t input_len = sizeof(kExampleECPubKeyDER);
  1183. if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
  1184. goto done;
  1185. if (!TEST_ptr(X509_PUBKEY_get0(xp)))
  1186. goto done;
  1187. p = kExampleBadECPubKeyDER;
  1188. input_len = sizeof(kExampleBadECPubKeyDER);
  1189. if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
  1190. goto done;
  1191. if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
  1192. goto done;
  1193. ret = 1;
  1194. done:
  1195. X509_PUBKEY_free(xp);
  1196. return ret;
  1197. }
  1198. #endif /* OPENSSL_NO_EC */
  1199. /* Test getting and setting parameters on an EVP_PKEY_CTX */
  1200. static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
  1201. {
  1202. EVP_MD_CTX *mdctx = NULL;
  1203. EVP_PKEY_CTX *ctx = NULL;
  1204. const OSSL_PARAM *params;
  1205. OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
  1206. int ret = 0;
  1207. const EVP_MD *md;
  1208. char mdname[OSSL_MAX_NAME_SIZE];
  1209. char ssl3ms[48];
  1210. /* Initialise a sign operation */
  1211. ctx = EVP_PKEY_CTX_new(pkey, NULL);
  1212. if (!TEST_ptr(ctx)
  1213. || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
  1214. goto err;
  1215. /*
  1216. * We should be able to query the parameters now.
  1217. */
  1218. params = EVP_PKEY_CTX_settable_params(ctx);
  1219. if (!TEST_ptr(params)
  1220. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  1221. OSSL_SIGNATURE_PARAM_DIGEST)))
  1222. goto err;
  1223. params = EVP_PKEY_CTX_gettable_params(ctx);
  1224. if (!TEST_ptr(params)
  1225. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  1226. OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
  1227. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  1228. OSSL_SIGNATURE_PARAM_DIGEST)))
  1229. goto err;
  1230. /*
  1231. * Test getting and setting params via EVP_PKEY_CTX_set_params() and
  1232. * EVP_PKEY_CTX_get_params()
  1233. */
  1234. strcpy(mdname, "SHA512");
  1235. param_md = param;
  1236. *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
  1237. mdname, 0);
  1238. *param++ = OSSL_PARAM_construct_end();
  1239. if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
  1240. goto err;
  1241. mdname[0] = '\0';
  1242. *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
  1243. mdname, sizeof(mdname));
  1244. if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
  1245. || !TEST_str_eq(mdname, "SHA512"))
  1246. goto err;
  1247. /*
  1248. * Test the TEST_PKEY_CTX_set_signature_md() and
  1249. * TEST_PKEY_CTX_get_signature_md() functions
  1250. */
  1251. if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
  1252. || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
  1253. || !TEST_ptr_eq(md, EVP_sha256()))
  1254. goto err;
  1255. /*
  1256. * Test getting MD parameters via an associated EVP_PKEY_CTX
  1257. */
  1258. mdctx = EVP_MD_CTX_new();
  1259. if (!TEST_ptr(mdctx)
  1260. || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, pkey,
  1261. NULL)))
  1262. goto err;
  1263. /*
  1264. * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
  1265. * able to obtain the digest's settable parameters from the provider.
  1266. */
  1267. params = EVP_MD_CTX_settable_params(mdctx);
  1268. if (!TEST_ptr(params)
  1269. || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
  1270. /* The final key should be NULL */
  1271. || !TEST_ptr_null(params[1].key))
  1272. goto err;
  1273. param = ourparams;
  1274. memset(ssl3ms, 0, sizeof(ssl3ms));
  1275. *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
  1276. ssl3ms, sizeof(ssl3ms));
  1277. *param++ = OSSL_PARAM_construct_end();
  1278. if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
  1279. goto err;
  1280. ret = 1;
  1281. err:
  1282. EVP_MD_CTX_free(mdctx);
  1283. EVP_PKEY_CTX_free(ctx);
  1284. return ret;
  1285. }
  1286. #ifndef OPENSSL_NO_DSA
  1287. static int test_DSA_get_set_params(void)
  1288. {
  1289. DSA *dsa = NULL;
  1290. BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
  1291. EVP_PKEY *pkey = NULL;
  1292. int ret = 0;
  1293. /*
  1294. * Setup the parameters for our DSA object. For our purposes they don't
  1295. * have to actually be *valid* parameters. We just need to set something.
  1296. */
  1297. dsa = DSA_new();
  1298. p = BN_new();
  1299. q = BN_new();
  1300. g = BN_new();
  1301. pub = BN_new();
  1302. priv = BN_new();
  1303. if (!TEST_ptr(dsa)
  1304. || !TEST_ptr(p)
  1305. || !TEST_ptr(q)
  1306. || !TEST_ptr(g)
  1307. || !TEST_ptr(pub)
  1308. || !DSA_set0_pqg(dsa, p, q, g)
  1309. || !DSA_set0_key(dsa, pub, priv))
  1310. goto err;
  1311. p = q = g = pub = priv = NULL;
  1312. pkey = EVP_PKEY_new();
  1313. if (!TEST_ptr(pkey)
  1314. || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa)))
  1315. goto err;
  1316. dsa = NULL;
  1317. ret = test_EVP_PKEY_CTX_get_set_params(pkey);
  1318. err:
  1319. EVP_PKEY_free(pkey);
  1320. DSA_free(dsa);
  1321. BN_free(p);
  1322. BN_free(q);
  1323. BN_free(g);
  1324. BN_free(pub);
  1325. BN_free(priv);
  1326. return ret;
  1327. }
  1328. #endif
  1329. static int test_RSA_get_set_params(void)
  1330. {
  1331. RSA *rsa = NULL;
  1332. BIGNUM *n = NULL, *e = NULL, *d = NULL;
  1333. EVP_PKEY *pkey = NULL;
  1334. int ret = 0;
  1335. /*
  1336. * Setup the parameters for our RSA object. For our purposes they don't
  1337. * have to actually be *valid* parameters. We just need to set something.
  1338. */
  1339. rsa = RSA_new();
  1340. n = BN_new();
  1341. e = BN_new();
  1342. d = BN_new();
  1343. if (!TEST_ptr(rsa)
  1344. || !TEST_ptr(n)
  1345. || !TEST_ptr(e)
  1346. || !TEST_ptr(d)
  1347. || !RSA_set0_key(rsa, n, e, d))
  1348. goto err;
  1349. n = e = d = NULL;
  1350. pkey = EVP_PKEY_new();
  1351. if (!TEST_ptr(pkey)
  1352. || !TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
  1353. goto err;
  1354. rsa = NULL;
  1355. ret = test_EVP_PKEY_CTX_get_set_params(pkey);
  1356. err:
  1357. EVP_PKEY_free(pkey);
  1358. RSA_free(rsa);
  1359. BN_free(n);
  1360. BN_free(e);
  1361. BN_free(d);
  1362. return ret;
  1363. }
  1364. #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  1365. static int test_decrypt_null_chunks(void)
  1366. {
  1367. EVP_CIPHER_CTX* ctx = NULL;
  1368. const unsigned char key[32] = {
  1369. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  1370. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  1371. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
  1372. };
  1373. unsigned char iv[12] = {
  1374. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
  1375. };
  1376. unsigned char msg[] = "It was the best of times, it was the worst of times";
  1377. unsigned char ciphertext[80];
  1378. unsigned char plaintext[80];
  1379. /* We initialise tmp to a non zero value on purpose */
  1380. int ctlen, ptlen, tmp = 99;
  1381. int ret = 0;
  1382. const int enc_offset = 10, dec_offset = 20;
  1383. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  1384. || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
  1385. key, iv))
  1386. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
  1387. enc_offset))
  1388. /* Deliberate add a zero length update */
  1389. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
  1390. 0))
  1391. || !TEST_int_eq(tmp, 0)
  1392. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
  1393. msg + enc_offset,
  1394. sizeof(msg) - enc_offset))
  1395. || !TEST_int_eq(ctlen += tmp, sizeof(msg))
  1396. || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
  1397. || !TEST_int_eq(tmp, 0))
  1398. goto err;
  1399. /* Deliberately initialise tmp to a non zero value */
  1400. tmp = 99;
  1401. if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
  1402. iv))
  1403. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
  1404. dec_offset))
  1405. /*
  1406. * Deliberately add a zero length update. We also deliberately do
  1407. * this at a different offset than for encryption.
  1408. */
  1409. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
  1410. 0))
  1411. || !TEST_int_eq(tmp, 0)
  1412. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
  1413. ciphertext + dec_offset,
  1414. ctlen - dec_offset))
  1415. || !TEST_int_eq(ptlen += tmp, sizeof(msg))
  1416. || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
  1417. || !TEST_int_eq(tmp, 0)
  1418. || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
  1419. goto err;
  1420. ret = 1;
  1421. err:
  1422. EVP_CIPHER_CTX_free(ctx);
  1423. return ret;
  1424. }
  1425. #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
  1426. #ifndef OPENSSL_NO_DH
  1427. static int test_EVP_PKEY_set1_DH(void)
  1428. {
  1429. DH *x942dh = NULL, *noqdh = NULL;
  1430. EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
  1431. int ret = 0;
  1432. BIGNUM *p, *g = NULL;
  1433. if (!TEST_ptr(p = BN_new())
  1434. || !TEST_ptr(g = BN_new())
  1435. || !BN_set_word(p, 9999)
  1436. || !BN_set_word(g, 2)
  1437. || !TEST_ptr(noqdh = DH_new())
  1438. || !DH_set0_pqg(noqdh, p, NULL, g))
  1439. goto err;
  1440. p = g = NULL;
  1441. x942dh = DH_get_2048_256();
  1442. pkey1 = EVP_PKEY_new();
  1443. pkey2 = EVP_PKEY_new();
  1444. if (!TEST_ptr(x942dh)
  1445. || !TEST_ptr(noqdh)
  1446. || !TEST_ptr(pkey1)
  1447. || !TEST_ptr(pkey2))
  1448. goto err;
  1449. if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
  1450. || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
  1451. goto err;
  1452. if(!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
  1453. || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
  1454. goto err;
  1455. ret = 1;
  1456. err:
  1457. BN_free(p);
  1458. BN_free(g);
  1459. EVP_PKEY_free(pkey1);
  1460. EVP_PKEY_free(pkey2);
  1461. DH_free(x942dh);
  1462. DH_free(noqdh);
  1463. return ret;
  1464. }
  1465. #endif
  1466. /*
  1467. * We test what happens with an empty template. For the sake of this test,
  1468. * the template must be ignored, and we know that's the case for RSA keys
  1469. * (this might arguably be a misfeature, but that's what we currently do,
  1470. * even in provider code, since that's how the legacy RSA implementation
  1471. * does things)
  1472. */
  1473. static int test_keygen_with_empty_template(int n)
  1474. {
  1475. EVP_PKEY_CTX *ctx = NULL;
  1476. EVP_PKEY *pkey = NULL;
  1477. EVP_PKEY *tkey = NULL;
  1478. int ret = 0;
  1479. switch (n) {
  1480. case 0:
  1481. /* We do test with no template at all as well */
  1482. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
  1483. goto err;
  1484. break;
  1485. case 1:
  1486. /* Here we create an empty RSA key that serves as our template */
  1487. if (!TEST_ptr(tkey = EVP_PKEY_new())
  1488. || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
  1489. || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
  1490. goto err;
  1491. break;
  1492. }
  1493. if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  1494. || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
  1495. goto err;
  1496. ret = 1;
  1497. err:
  1498. EVP_PKEY_CTX_free(ctx);
  1499. EVP_PKEY_free(pkey);
  1500. EVP_PKEY_free(tkey);
  1501. return ret;
  1502. }
  1503. /*
  1504. * Test that we fail if we attempt to use an algorithm that is not available
  1505. * in the current library context (unless we are using an algorithm that should
  1506. * be made available via legacy codepaths).
  1507. */
  1508. static int test_pkey_ctx_fail_without_provider(int tst)
  1509. {
  1510. OPENSSL_CTX *tmpctx = OPENSSL_CTX_new();
  1511. OSSL_PROVIDER *nullprov = NULL;
  1512. EVP_PKEY_CTX *pctx = NULL;
  1513. int ret = 0;
  1514. if (!TEST_ptr(tmpctx))
  1515. goto err;
  1516. nullprov = OSSL_PROVIDER_load(tmpctx, "null");
  1517. if (!TEST_ptr(nullprov))
  1518. goto err;
  1519. pctx = EVP_PKEY_CTX_new_from_name(tmpctx, tst == 0 ? "RSA" : "HMAC", "");
  1520. /* RSA is not available via any provider so we expect this to fail */
  1521. if (tst == 0 && !TEST_ptr_null(pctx))
  1522. goto err;
  1523. /*
  1524. * HMAC is always available because it is implemented via legacy codepaths
  1525. * and not in a provider at all. We expect this to pass.
  1526. */
  1527. if (tst == 1 && !TEST_ptr(pctx))
  1528. goto err;
  1529. ret = 1;
  1530. err:
  1531. EVP_PKEY_CTX_free(pctx);
  1532. OSSL_PROVIDER_unload(nullprov);
  1533. OPENSSL_CTX_free(tmpctx);
  1534. return ret;
  1535. }
  1536. static int test_rand_agglomeration(void)
  1537. {
  1538. EVP_RAND *rand;
  1539. EVP_RAND_CTX *ctx;
  1540. OSSL_PARAM params[3], *p = params;
  1541. int res;
  1542. unsigned int step = 7;
  1543. static unsigned char seed[] = "It does not matter how slowly you go "
  1544. "as long as you do not stop.";
  1545. unsigned char out[sizeof(seed)];
  1546. if (!TEST_int_ne(sizeof(seed) % step, 0)
  1547. || !TEST_ptr(rand = EVP_RAND_fetch(NULL, "TEST-RAND", NULL)))
  1548. return 0;
  1549. ctx = EVP_RAND_CTX_new(rand, NULL);
  1550. EVP_RAND_free(rand);
  1551. if (!TEST_ptr(ctx))
  1552. return 0;
  1553. memset(out, 0, sizeof(out));
  1554. *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
  1555. seed, sizeof(seed));
  1556. *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST, &step);
  1557. *p = OSSL_PARAM_construct_end();
  1558. res = TEST_true(EVP_RAND_set_ctx_params(ctx, params))
  1559. && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
  1560. && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
  1561. EVP_RAND_CTX_free(ctx);
  1562. return res;
  1563. }
  1564. int setup_tests(void)
  1565. {
  1566. testctx = OPENSSL_CTX_new();
  1567. if (!TEST_ptr(testctx))
  1568. return 0;
  1569. ADD_TEST(test_EVP_set_default_properties);
  1570. ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
  1571. ADD_TEST(test_EVP_DigestVerifyInit);
  1572. ADD_TEST(test_EVP_Enveloped);
  1573. ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
  1574. ADD_TEST(test_privatekey_to_pkcs8);
  1575. #ifndef OPENSSL_NO_EC
  1576. ADD_TEST(test_EVP_PKCS82PKEY);
  1577. #endif
  1578. #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
  1579. ADD_TEST(test_EVP_SM2);
  1580. ADD_TEST(test_EVP_SM2_verify);
  1581. #endif
  1582. ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
  1583. custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
  1584. if (!TEST_ptr(custom_pmeth))
  1585. return 0;
  1586. EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
  1587. EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
  1588. EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
  1589. if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
  1590. return 0;
  1591. ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
  1592. #ifndef OPENSSL_NO_CMAC
  1593. ADD_TEST(test_CMAC_keygen);
  1594. #endif
  1595. ADD_TEST(test_HKDF);
  1596. ADD_TEST(test_emptyikm_HKDF);
  1597. #ifndef OPENSSL_NO_EC
  1598. ADD_TEST(test_X509_PUBKEY_inplace);
  1599. ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
  1600. OSSL_NELEM(ec_der_pub_keys));
  1601. #endif
  1602. #ifndef OPENSSL_NO_DSA
  1603. ADD_TEST(test_DSA_get_set_params);
  1604. #endif
  1605. ADD_TEST(test_RSA_get_set_params);
  1606. #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  1607. ADD_TEST(test_decrypt_null_chunks);
  1608. #endif
  1609. #ifndef OPENSSL_NO_DH
  1610. ADD_TEST(test_EVP_PKEY_set1_DH);
  1611. #endif
  1612. ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
  1613. ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
  1614. ADD_TEST(test_rand_agglomeration);
  1615. return 1;
  1616. }
  1617. void cleanup_tests(void)
  1618. {
  1619. OPENSSL_CTX_free(testctx);
  1620. }