2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/crypto.h>
15 #include <openssl/err.h>
16 #include <openssl/evp.h>
17 #include <openssl/rsa.h>
18 #include <openssl/x509.h>
19 #include <openssl/pem.h>
20 #include <openssl/kdf.h>
21 #include <openssl/dh.h>
23 #include "internal/nelem.h"
24 #include "crypto/evp.h"
27 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
28 * should never use this key anywhere but in an example.
30 static const unsigned char kExampleRSAKeyDER[] = {
31 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
32 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
33 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
34 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
35 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
36 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
37 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
38 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
39 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
40 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
41 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
42 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
43 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
44 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
45 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
46 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
47 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
48 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
49 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
50 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
51 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
52 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
53 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
54 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
55 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
56 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
57 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
58 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
59 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
60 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
61 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
62 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
63 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
64 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
65 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
66 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
67 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
68 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
69 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
70 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
71 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
72 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
73 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
74 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
75 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
76 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
77 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
78 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
79 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
80 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
81 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
85 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
86 * components are not correct.
88 static const unsigned char kExampleBadRSAKeyDER[] = {
89 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
90 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
91 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
92 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
93 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
94 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
95 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
96 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
97 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
98 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
99 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
100 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
101 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
102 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
103 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
104 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
105 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
106 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
107 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
108 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
109 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
110 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
111 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
112 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
113 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
114 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
115 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
116 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
117 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
118 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
119 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
120 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
121 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
122 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
123 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
124 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
125 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
126 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
127 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
128 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
129 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
130 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
131 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
132 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
133 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
134 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
135 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
136 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
137 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
138 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
139 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
140 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
141 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
142 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
143 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
144 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
145 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
146 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
147 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
148 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
149 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
150 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
151 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
152 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
153 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
154 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
155 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
156 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
157 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
158 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
159 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
160 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
161 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
162 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
163 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
164 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
165 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
166 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
167 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
168 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
169 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
170 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
171 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
172 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
173 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
174 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
175 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
176 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
177 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
180 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
182 static const unsigned char kSignature[] = {
183 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
184 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
185 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
186 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
187 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
188 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
189 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
190 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
191 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
192 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
193 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
197 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
200 static const unsigned char kExampleRSAKeyPKCS8[] = {
201 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
202 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
203 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
204 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
205 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
206 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
207 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
208 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
209 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
210 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
211 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
212 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
213 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
214 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
215 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
216 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
217 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
218 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
219 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
220 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
221 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
222 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
223 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
224 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
225 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
226 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
227 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
228 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
229 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
230 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
231 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
232 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
233 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
234 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
235 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
236 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
237 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
238 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
239 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
240 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
241 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
242 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
243 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
244 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
245 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
246 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
247 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
248 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
249 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
250 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
251 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
252 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
253 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
256 #ifndef OPENSSL_NO_EC
258 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
261 static const unsigned char kExampleECKeyDER[] = {
262 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
263 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
264 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
265 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
266 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
267 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
268 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
269 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
270 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
271 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
276 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
277 * structure. The private key is equal to the order and will fail to import
279 static const unsigned char kExampleBadECKeyDER[] = {
280 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
281 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
282 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
283 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
284 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
285 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
286 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
287 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
288 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
292 static const unsigned char kExampleECPubKeyDER[] = {
293 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
294 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
295 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
296 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
297 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
298 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
299 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
300 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
304 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
305 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
307 static const unsigned char kExampleBadECPubKeyDER[] = {
308 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
309 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
310 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
311 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
312 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
313 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
314 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
315 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
318 static const unsigned char pExampleECParamDER[] = {
319 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
323 static const unsigned char kCFBDefaultKey[] = {
324 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
325 0x09, 0xCF, 0x4F, 0x3C
328 static const unsigned char kGCMDefaultKey[32] = { 0 };
330 static const unsigned char kGCMResetKey[] = {
331 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
332 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
333 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
336 static const unsigned char iCFBIV[] = {
337 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
338 0x0C, 0x0D, 0x0E, 0x0F
341 static const unsigned char iGCMDefaultIV[12] = { 0 };
343 static const unsigned char iGCMResetIV1[] = {
344 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
347 static const unsigned char iGCMResetIV2[] = {
348 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
351 static const unsigned char cfbPlaintext[] = {
352 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
353 0x73, 0x93, 0x17, 0x2A
356 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
358 static const unsigned char gcmResetPlaintext[] = {
359 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
360 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
361 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
362 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
363 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
366 static const unsigned char cfbCiphertext[] = {
367 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
368 0xE8, 0x3C, 0xFB, 0x4A
371 static const unsigned char gcmDefaultCiphertext[] = {
372 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
373 0xba, 0xf3, 0x9d, 0x18
376 static const unsigned char gcmResetCiphertext1[] = {
377 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
378 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
379 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
380 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
381 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
384 static const unsigned char gcmResetCiphertext2[] = {
385 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
386 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
387 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
388 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
389 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
392 static const unsigned char gcmAAD[] = {
393 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
394 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
397 static const unsigned char gcmDefaultTag[] = {
398 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
399 0xd4, 0x8a, 0xb9, 0x19
402 static const unsigned char gcmResetTag1[] = {
403 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
404 0xfe, 0x2e, 0xa8, 0xf2
407 static const unsigned char gcmResetTag2[] = {
408 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
409 0xbb, 0x2d, 0x55, 0x1b
413 typedef struct APK_DATA_st {
414 const unsigned char *kder;
420 int type; /* 0 for private, 1 for public, 2 for params */
425 const unsigned char *key;
426 const unsigned char *iv;
427 const unsigned char *input;
428 const unsigned char *expected;
429 const unsigned char *tag;
430 size_t ivlen; /* 0 if we do not need to set a specific IV len */
439 static const EVP_INIT_TEST_st evp_init_tests[] = {
441 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
442 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
446 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
447 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
448 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
449 sizeof(gcmDefaultTag), 1, 0, 1
452 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
453 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
457 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
458 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
459 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
460 sizeof(gcmDefaultTag), 0, 0, 1
463 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
464 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
468 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
469 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
470 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
471 sizeof(gcmDefaultTag), 1, 1, 0
474 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
475 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
479 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
480 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
481 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
482 sizeof(gcmDefaultTag), 0, 1, 0
486 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
491 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
494 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
502 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
503 * arguments are given one at a time and a final adjustment to the enc
504 * parameter sets the correct operation.
506 static int test_evp_init_seq(int idx)
508 int outlen1, outlen2;
510 unsigned char outbuf[1024];
511 unsigned char tag[16];
512 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
513 EVP_CIPHER_CTX *ctx = NULL;
514 const EVP_CIPHER *type = NULL;
515 size_t taglen = sizeof(tag);
518 ctx = EVP_CIPHER_CTX_new();
520 errmsg = "CTX_ALLOC";
523 if (!TEST_ptr(type = EVP_get_cipherbyname(t->cipher))) {
524 errmsg = "GET_CIPHERBYNAME";
527 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
528 errmsg = "EMPTY_ENC_INIT";
531 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
535 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
536 errmsg = "KEY_INIT (before iv)";
539 if (!evp_init_seq_set_iv(ctx, t)) {
543 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
544 errmsg = "KEY_INIT (after iv)";
547 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
548 errmsg = "FINAL_ENC_INIT";
551 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
552 errmsg = "CIPHER_UPDATE";
555 if (t->finalenc == 0 && t->tag != NULL) {
556 /* Set expected tag */
557 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
558 t->taglen, (void *)t->tag))) {
563 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
564 errmsg = "CIPHER_FINAL";
567 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
568 errmsg = "WRONG_RESULT";
571 if (t->finalenc != 0 && t->tag != NULL) {
572 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
576 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
577 errmsg = "TAG_ERROR";
584 TEST_info("evp_init_test %d: %s", idx, errmsg);
585 EVP_CIPHER_CTX_free(ctx);
590 const unsigned char *input;
591 const unsigned char *expected;
597 static const EVP_RESET_TEST_st evp_reset_tests[] = {
599 cfbPlaintext, cfbCiphertext,
600 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
603 cfbCiphertext, cfbPlaintext,
604 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
609 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
612 static int test_evp_reset(int idx)
614 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
615 int outlen1, outlen2;
617 unsigned char outbuf[1024];
618 EVP_CIPHER_CTX *ctx = NULL;
619 const EVP_CIPHER *type = NULL;
622 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
623 errmsg = "CTX_ALLOC";
626 if (!TEST_ptr(type = EVP_get_cipherbyname("aes-128-cfb"))) {
627 errmsg = "GET_CIPHERBYNAME";
630 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
631 errmsg = "CIPHER_INIT";
634 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
638 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
639 errmsg = "CIPHER_UPDATE";
642 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
643 errmsg = "CIPHER_FINAL";
646 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
647 errmsg = "WRONG_RESULT";
650 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
651 errmsg = "CIPHER_REINIT";
654 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
655 errmsg = "CIPHER_UPDATE (reinit)";
658 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
659 errmsg = "CIPHER_FINAL (reinit)";
662 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
663 errmsg = "WRONG_RESULT (reinit)";
669 TEST_info("test_evp_reset %d: %s", idx, errmsg);
670 EVP_CIPHER_CTX_free(ctx);
675 const unsigned char *iv1;
676 const unsigned char *iv2;
677 const unsigned char *expected1;
678 const unsigned char *expected2;
679 const unsigned char *tag1;
680 const unsigned char *tag2;
685 } TEST_GCM_IV_REINIT_st;
687 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
689 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
690 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
691 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
694 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
695 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
696 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
700 static int test_gcm_reinit(int idx)
702 int outlen1, outlen2, outlen3;
704 unsigned char outbuf[1024];
705 unsigned char tag[16];
706 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
707 EVP_CIPHER_CTX *ctx = NULL;
708 const EVP_CIPHER *type = NULL;
709 size_t taglen = sizeof(tag);
712 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
713 errmsg = "CTX_ALLOC";
716 if (!TEST_ptr(type = EVP_get_cipherbyname("aes-256-gcm"))) {
717 errmsg = "GET_CIPHERBYNAME";
720 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
724 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
725 errmsg = "SET_IVLEN1";
728 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
732 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
736 EVP_CIPHER_CTX_set_padding(ctx, 0);
737 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
738 sizeof(gcmResetPlaintext)))) {
739 errmsg = "CIPHER_UPDATE1";
742 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
743 errmsg = "CIPHER_FINAL1";
746 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
747 errmsg = "WRONG_RESULT1";
750 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
754 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
755 errmsg = "TAG_ERROR1";
759 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
760 errmsg = "SET_IVLEN2";
763 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
767 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
771 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
772 sizeof(gcmResetPlaintext)))) {
773 errmsg = "CIPHER_UPDATE2";
776 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
777 errmsg = "CIPHER_FINAL2";
780 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
781 errmsg = "WRONG_RESULT2";
784 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
788 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
789 errmsg = "TAG_ERROR2";
795 TEST_info("evp_init_test %d: %s", idx, errmsg);
796 EVP_CIPHER_CTX_free(ctx);
803 } EVP_UPDATED_IV_TEST_st;
805 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
851 * Test that the IV in the context is updated during a crypto operation for CFB
854 static int test_evp_updated_iv(int idx)
856 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
857 int outlen1, outlen2;
859 unsigned char outbuf[1024];
860 EVP_CIPHER_CTX *ctx = NULL;
861 const EVP_CIPHER *type = NULL;
862 const unsigned char *updated_iv;
866 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
867 errmsg = "CTX_ALLOC";
870 if ((type = EVP_get_cipherbyname(t->cipher)) == NULL) {
871 TEST_info("cipher %s not supported, skipping", t->cipher);
874 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
875 errmsg = "CIPHER_INIT";
878 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
882 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
883 errmsg = "CIPHER_UPDATE";
886 if (!TEST_ptr(updated_iv = EVP_CIPHER_CTX_iv(ctx))) {
887 errmsg = "CIPHER_CTX_IV";
890 if (!TEST_true(iv_len = EVP_CIPHER_CTX_iv_length(ctx))) {
891 errmsg = "CIPHER_CTX_IV_LEN";
894 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
895 errmsg = "IV_NOT_UPDATED";
898 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
899 errmsg = "CIPHER_FINAL";
906 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
907 EVP_CIPHER_CTX_free(ctx);
911 static APK_DATA keydata[] = {
912 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
913 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
914 #ifndef OPENSSL_NO_EC
915 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
919 static APK_DATA keycheckdata[] = {
920 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
921 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
923 #ifndef OPENSSL_NO_EC
924 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
925 /* group is also associated in our pub key */
926 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
927 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
931 static EVP_PKEY *load_example_rsa_key(void)
933 EVP_PKEY *ret = NULL;
934 const unsigned char *derp = kExampleRSAKeyDER;
935 EVP_PKEY *pkey = NULL;
938 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
941 if (!TEST_ptr(pkey = EVP_PKEY_new())
942 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
955 static int test_EVP_Enveloped(void)
958 EVP_CIPHER_CTX *ctx = NULL;
959 EVP_PKEY *keypair = NULL;
960 unsigned char *kek = NULL;
961 unsigned char iv[EVP_MAX_IV_LENGTH];
962 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
963 int len, kek_len, ciphertext_len, plaintext_len;
964 unsigned char ciphertext[32], plaintext[16];
965 const EVP_CIPHER *type = EVP_aes_256_cbc();
967 if (!TEST_ptr(keypair = load_example_rsa_key())
968 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
969 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
970 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
972 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
974 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
978 ciphertext_len += len;
980 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
981 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
982 ciphertext, ciphertext_len))
983 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
986 plaintext_len += len;
987 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
993 EVP_PKEY_free(keypair);
994 EVP_CIPHER_CTX_free(ctx);
999 static int test_EVP_DigestSignInit(void)
1002 EVP_PKEY *pkey = NULL;
1003 unsigned char *sig = NULL;
1005 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;
1007 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1008 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())
1009 || !TEST_ptr(pkey = load_example_rsa_key()))
1012 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1013 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1016 /* Determine the size of the signature. */
1017 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1018 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
1021 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
1022 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1025 /* Ensure that the signature round-trips. */
1026 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
1028 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,
1029 kMsg, sizeof(kMsg)))
1030 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1036 EVP_MD_CTX_free(md_ctx);
1037 EVP_MD_CTX_free(md_ctx_verify);
1038 EVP_PKEY_free(pkey);
1044 static int test_EVP_DigestVerifyInit(void)
1047 EVP_PKEY *pkey = NULL;
1048 EVP_MD_CTX *md_ctx = NULL;
1050 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1051 || !TEST_ptr(pkey = load_example_rsa_key()))
1054 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1055 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1056 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1057 sizeof(kSignature))))
1062 EVP_MD_CTX_free(md_ctx);
1063 EVP_PKEY_free(pkey);
1067 static int test_d2i_AutoPrivateKey(int i)
1070 const unsigned char *p;
1071 EVP_PKEY *pkey = NULL;
1072 const APK_DATA *ak = &keydata[i];
1073 const unsigned char *input = ak->kder;
1074 size_t input_len = ak->size;
1075 int expected_id = ak->evptype;
1078 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1079 || !TEST_ptr_eq(p, input + input_len)
1080 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1086 EVP_PKEY_free(pkey);
1090 #ifndef OPENSSL_NO_EC
1092 static const unsigned char ec_public_sect163k1_validxy[] = {
1093 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1094 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1095 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1096 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1097 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1098 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1101 static const unsigned char ec_public_sect163k1_badx[] = {
1102 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1103 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1104 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1105 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1106 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1107 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1110 static const unsigned char ec_public_sect163k1_bady[] = {
1111 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1112 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1113 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1114 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1115 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1116 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1119 static struct ec_der_pub_keys_st {
1120 const unsigned char *der;
1123 } ec_der_pub_keys[] = {
1124 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1125 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1126 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1130 * Tests the range of the decoded EC char2 public point.
1131 * See ec_GF2m_simple_oct2point().
1133 static int test_invalide_ec_char2_pub_range_decode(int id)
1137 EC_KEY *eckey = NULL;
1139 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
1140 ec_der_pub_keys[id].len)))
1142 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
1143 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
1144 || TEST_ptr_null(eckey);
1151 /* Tests loading a bad key in PKCS8 format */
1152 static int test_EVP_PKCS82PKEY(void)
1155 const unsigned char *derp = kExampleBadECKeyDER;
1156 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1157 EVP_PKEY *pkey = NULL;
1159 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1160 sizeof(kExampleBadECKeyDER))))
1163 if (!TEST_ptr_eq(derp,
1164 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1167 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1173 PKCS8_PRIV_KEY_INFO_free(p8inf);
1174 EVP_PKEY_free(pkey);
1180 #ifndef OPENSSL_NO_SM2
1182 static int test_EVP_SM2_verify(void)
1184 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
1185 const char *pubkey =
1186 "-----BEGIN PUBLIC KEY-----\n"
1187 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
1188 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
1189 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
1190 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
1191 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
1192 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
1193 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
1194 "-----END PUBLIC KEY-----\n";
1196 const char *msg = "message digest";
1197 const char *id = "ALICE123@YAHOO.COM";
1199 const uint8_t signature[] = {
1200 0x30, 0x44, 0x02, 0x20,
1202 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
1203 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
1204 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
1208 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
1209 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
1210 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
1215 EVP_PKEY *pkey = NULL;
1216 EVP_MD_CTX *mctx = NULL;
1217 EVP_PKEY_CTX *pctx = NULL;
1219 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1220 if (!TEST_true(bio != NULL))
1223 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
1224 if (!TEST_true(pkey != NULL))
1227 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
1230 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1233 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
1236 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
1240 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1242 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1245 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1248 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1254 EVP_PKEY_free(pkey);
1255 EVP_PKEY_CTX_free(pctx);
1256 EVP_MD_CTX_free(mctx);
1260 static int test_EVP_SM2(void)
1263 EVP_PKEY *pkey = NULL;
1264 EVP_PKEY *params = NULL;
1265 EVP_PKEY_CTX *pctx = NULL;
1266 EVP_PKEY_CTX *kctx = NULL;
1267 EVP_PKEY_CTX *sctx = NULL;
1269 unsigned char *sig = NULL;
1270 EVP_MD_CTX *md_ctx = NULL;
1271 EVP_MD_CTX *md_ctx_verify = NULL;
1272 EVP_PKEY_CTX *cctx = NULL;
1274 uint8_t ciphertext[128];
1275 size_t ctext_len = sizeof(ciphertext);
1277 uint8_t plaintext[8];
1278 size_t ptext_len = sizeof(plaintext);
1280 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1282 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
1283 if (!TEST_ptr(pctx))
1286 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1289 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1292 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
1295 kctx = EVP_PKEY_CTX_new(params, NULL);
1296 if (!TEST_ptr(kctx))
1299 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1302 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1305 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
1308 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1311 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1314 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1317 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1318 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1320 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1323 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1326 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1329 /* Determine the size of the signature. */
1330 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1333 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
1336 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1339 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1342 /* Ensure that the signature round-trips. */
1344 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1347 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1350 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1353 /* now check encryption/decryption */
1355 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1358 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1361 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
1364 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1367 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
1370 if (!TEST_true(ptext_len == sizeof(kMsg)))
1373 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1378 EVP_PKEY_CTX_free(pctx);
1379 EVP_PKEY_CTX_free(kctx);
1380 EVP_PKEY_CTX_free(sctx);
1381 EVP_PKEY_CTX_free(cctx);
1382 EVP_PKEY_free(pkey);
1383 EVP_PKEY_free(params);
1384 EVP_MD_CTX_free(md_ctx);
1385 EVP_MD_CTX_free(md_ctx_verify);
1392 static struct keys_st {
1398 EVP_PKEY_HMAC, "0123456789", NULL
1399 #ifndef OPENSSL_NO_POLY1305
1401 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1403 #ifndef OPENSSL_NO_SIPHASH
1405 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1408 #ifndef OPENSSL_NO_EC
1410 EVP_PKEY_X25519, "01234567890123456789012345678901",
1411 "abcdefghijklmnopqrstuvwxyzabcdef"
1413 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1414 "abcdefghijklmnopqrstuvwxyzabcdef"
1417 "01234567890123456789012345678901234567890123456789012345",
1418 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1421 "012345678901234567890123456789012345678901234567890123456",
1422 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1427 static int test_set_get_raw_keys_int(int tst, int pub)
1430 unsigned char buf[80];
1432 size_t inlen, len = 0;
1435 /* Check if this algorithm supports public keys */
1436 if (pub && keys[tst].pub == NULL)
1439 memset(buf, 0, sizeof(buf));
1442 #ifndef OPENSSL_NO_EC
1443 inlen = strlen(keys[tst].pub);
1444 in = (unsigned char *)keys[tst].pub;
1445 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1453 inlen = strlen(keys[tst].priv);
1454 in = (unsigned char *)keys[tst].priv;
1455 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1462 || !TEST_int_eq(EVP_PKEY_cmp(pkey, pkey), 1)
1463 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1464 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1465 || !TEST_true(len == inlen)
1466 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1467 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1468 || !TEST_mem_eq(in, inlen, buf, len))
1473 EVP_PKEY_free(pkey);
1477 static int test_set_get_raw_keys(int tst)
1479 return test_set_get_raw_keys_int(tst, 0)
1480 && test_set_get_raw_keys_int(tst, 1);
1483 static int pkey_custom_check(EVP_PKEY *pkey)
1488 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1493 static int pkey_custom_param_check(EVP_PKEY *pkey)
1498 static EVP_PKEY_METHOD *custom_pmeth;
1500 static int test_EVP_PKEY_check(int i)
1503 const unsigned char *p;
1504 EVP_PKEY *pkey = NULL;
1505 #ifndef OPENSSL_NO_EC
1506 EC_KEY *eckey = NULL;
1508 EVP_PKEY_CTX *ctx = NULL;
1509 EVP_PKEY_CTX *ctx2 = NULL;
1510 const APK_DATA *ak = &keycheckdata[i];
1511 const unsigned char *input = ak->kder;
1512 size_t input_len = ak->size;
1513 int expected_id = ak->evptype;
1514 int expected_check = ak->check;
1515 int expected_pub_check = ak->pub_check;
1516 int expected_param_check = ak->param_check;
1517 int type = ak->type;
1524 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1525 || !TEST_ptr_eq(p, input + input_len)
1526 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1529 #ifndef OPENSSL_NO_EC
1531 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1532 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1533 || !TEST_ptr(pkey = EVP_PKEY_new())
1534 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1538 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1539 || !TEST_ptr_eq(p, input + input_len)
1540 || !TEST_ptr(pkey = EVP_PKEY_new())
1541 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1549 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1552 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1555 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1558 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1561 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1562 /* assign the pkey directly, as an internal test */
1563 EVP_PKEY_up_ref(pkey);
1566 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1569 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1572 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1578 EVP_PKEY_CTX_free(ctx);
1579 EVP_PKEY_CTX_free(ctx2);
1580 EVP_PKEY_free(pkey);
1585 static int test_HKDF(void)
1588 unsigned char out[20];
1591 unsigned char salt[] = "0123456789";
1592 unsigned char key[] = "012345678901234567890123456789";
1593 unsigned char info[] = "infostring";
1594 const unsigned char expected[] = {
1595 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1596 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1598 size_t expectedlen = sizeof(expected);
1600 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1603 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1604 for (i = 0; i < 2; i++) {
1605 outlen = sizeof(out);
1606 memset(out, 0, outlen);
1608 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1609 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1610 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1611 sizeof(salt) - 1), 0)
1612 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1613 sizeof(key) - 1), 0)
1614 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1615 sizeof(info) - 1), 0)
1616 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1617 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1624 EVP_PKEY_CTX_free(pctx);
1629 #ifndef OPENSSL_NO_EC
1630 static int test_X509_PUBKEY_inplace(void)
1633 X509_PUBKEY *xp = NULL;
1634 const unsigned char *p = kExampleECPubKeyDER;
1635 size_t input_len = sizeof(kExampleECPubKeyDER);
1637 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1640 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1643 p = kExampleBadECPubKeyDER;
1644 input_len = sizeof(kExampleBadECPubKeyDER);
1646 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1649 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1655 X509_PUBKEY_free(xp);
1660 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1661 static int test_decrypt_null_chunks(void)
1663 EVP_CIPHER_CTX* ctx = NULL;
1664 const unsigned char key[32] = {
1665 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1666 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1667 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1669 unsigned char iv[12] = {
1670 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1672 unsigned char msg[] = "It was the best of times, it was the worst of times";
1673 unsigned char ciphertext[80];
1674 unsigned char plaintext[80];
1675 /* We initialise tmp to a non zero value on purpose */
1676 int ctlen, ptlen, tmp = 99;
1678 const int enc_offset = 10, dec_offset = 20;
1680 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1681 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1683 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1685 /* Deliberate add a zero length update */
1686 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1688 || !TEST_int_eq(tmp, 0)
1689 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1691 sizeof(msg) - enc_offset))
1692 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1693 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1694 || !TEST_int_eq(tmp, 0))
1697 /* Deliberately initialise tmp to a non zero value */
1699 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1701 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1704 * Deliberately add a zero length update. We also deliberately do
1705 * this at a different offset than for encryption.
1707 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1709 || !TEST_int_eq(tmp, 0)
1710 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1711 ciphertext + dec_offset,
1712 ctlen - dec_offset))
1713 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1714 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1715 || !TEST_int_eq(tmp, 0)
1716 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1721 EVP_CIPHER_CTX_free(ctx);
1724 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1726 #ifndef OPENSSL_NO_DH
1727 static int test_EVP_PKEY_set1_DH(void)
1729 DH *x942dh, *pkcs3dh;
1730 EVP_PKEY *pkey1, *pkey2;
1733 x942dh = DH_get_2048_256();
1734 pkcs3dh = DH_new_by_nid(NID_ffdhe2048);
1735 pkey1 = EVP_PKEY_new();
1736 pkey2 = EVP_PKEY_new();
1737 if (!TEST_ptr(x942dh)
1738 || !TEST_ptr(pkcs3dh)
1740 || !TEST_ptr(pkey2))
1743 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1744 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1748 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, pkcs3dh))
1749 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1754 EVP_PKEY_free(pkey1);
1755 EVP_PKEY_free(pkey2);
1763 int setup_tests(void)
1765 ADD_TEST(test_EVP_DigestSignInit);
1766 ADD_TEST(test_EVP_DigestVerifyInit);
1767 ADD_TEST(test_EVP_Enveloped);
1768 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1769 #ifndef OPENSSL_NO_EC
1770 ADD_TEST(test_EVP_PKCS82PKEY);
1772 #ifndef OPENSSL_NO_SM2
1773 ADD_TEST(test_EVP_SM2);
1774 ADD_TEST(test_EVP_SM2_verify);
1776 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1777 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1778 if (!TEST_ptr(custom_pmeth))
1780 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1781 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1782 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1783 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1785 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1786 ADD_TEST(test_HKDF);
1787 #ifndef OPENSSL_NO_EC
1788 ADD_TEST(test_X509_PUBKEY_inplace);
1789 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1790 OSSL_NELEM(ec_der_pub_keys));
1792 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1793 ADD_TEST(test_decrypt_null_chunks);
1795 #ifndef OPENSSL_NO_DH
1796 ADD_TEST(test_EVP_PKEY_set1_DH);
1799 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
1800 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
1801 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
1802 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));