1 /*
2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <openssl/aes.h>
14 #include <openssl/bio.h>
15 #include <openssl/crypto.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/rsa.h>
19 #include <openssl/x509.h>
20 #include <openssl/pem.h>
21 #include <openssl/kdf.h>
22 #include <openssl/dh.h>
23 #include <openssl/engine.h>
24 #include "testutil.h"
25 #include "internal/nelem.h"
26 #include "crypto/evp.h"
27
28 /*
29 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
30 * should never use this key anywhere but in an example.
31 */
32 static const unsigned char kExampleRSAKeyDER[] = {
33 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
34 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
35 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
36 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
37 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
38 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
39 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
40 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
41 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
42 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
43 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
44 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
45 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
46 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
47 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
48 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
49 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
50 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
51 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
52 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
53 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
54 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
55 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
56 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
57 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
58 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
59 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
60 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
61 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
62 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
63 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
64 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
65 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
66 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
67 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
68 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
69 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
70 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
71 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
72 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
73 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
74 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
75 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
76 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
77 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
78 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
79 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
80 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
81 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
82 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
83 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
84 };
85
86 /*
87 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
88 * components are not correct.
89 */
90 static const unsigned char kExampleBadRSAKeyDER[] = {
91 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
92 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
93 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
94 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
95 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
96 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
97 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
98 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
99 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
100 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
101 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
102 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
103 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
104 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
105 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
106 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
107 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
108 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
109 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
110 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
111 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
112 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
113 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
114 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
115 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
116 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
117 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
118 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
119 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
120 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
121 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
122 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
123 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
124 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
125 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
126 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
127 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
128 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
129 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
130 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
131 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
132 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
133 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
134 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
135 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
136 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
137 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
138 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
139 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
140 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
141 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
142 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
143 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
144 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
145 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
146 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
147 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
148 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
149 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
150 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
151 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
152 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
153 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
154 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
155 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
156 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
157 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
158 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
159 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
160 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
161 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
162 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
163 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
164 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
165 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
166 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
167 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
168 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
169 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
170 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
171 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
172 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
173 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
174 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
175 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
176 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
177 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
178 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
179 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
180 };
181
182 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
183
184 static const unsigned char kSignature[] = {
185 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
186 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
187 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
188 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
189 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
190 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
191 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
192 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
193 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
194 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
195 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
196 };
197
198 /*
199 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
200 * PrivateKeyInfo.
201 */
202 static const unsigned char kExampleRSAKeyPKCS8[] = {
203 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
204 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
205 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
206 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
207 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
208 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
209 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
210 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
211 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
212 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
213 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
214 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
215 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
216 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
217 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
218 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
219 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
220 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
221 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
222 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
223 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
224 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
225 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
226 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
227 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
228 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
229 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
230 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
231 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
232 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
233 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
234 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
235 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
236 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
237 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
238 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
239 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
240 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
241 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
242 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
243 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
244 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
245 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
246 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
247 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
248 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
249 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
250 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
251 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
252 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
253 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
254 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
255 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
256 };
257
258 #ifndef OPENSSL_NO_EC
259 /*
260 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
261 * structure.
262 */
263 static const unsigned char kExampleECKeyDER[] = {
264 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
265 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
266 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
267 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
268 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
269 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
270 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
271 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
272 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
273 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
274 0xc1,
275 };
276
277 /*
278 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
279 * structure. The private key is equal to the order and will fail to import
280 */
281 static const unsigned char kExampleBadECKeyDER[] = {
282 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
283 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
284 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
285 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
286 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
287 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
288 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
289 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
290 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
291 };
292
293 /* prime256v1 */
294 static const unsigned char kExampleECPubKeyDER[] = {
295 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
296 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
297 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
298 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
299 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
300 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
301 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
302 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
303 };
304
305 /*
306 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
307 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
308 */
309 static const unsigned char kExampleBadECPubKeyDER[] = {
310 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
311 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
312 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
313 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
314 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
315 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
316 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
317 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
318 };
319
320 static const unsigned char pExampleECParamDER[] = {
321 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
322 };
323 #endif
324
325 static const unsigned char kCFBDefaultKey[] = {
326 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
327 0x09, 0xCF, 0x4F, 0x3C
328 };
329
330 static const unsigned char kGCMDefaultKey[32] = { 0 };
331
332 static const unsigned char kGCMResetKey[] = {
333 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
334 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
335 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
336 };
337
338 static const unsigned char iCFBIV[] = {
339 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
340 0x0C, 0x0D, 0x0E, 0x0F
341 };
342
343 static const unsigned char iGCMDefaultIV[12] = { 0 };
344
345 static const unsigned char iGCMResetIV1[] = {
346 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
347 };
348
349 static const unsigned char iGCMResetIV2[] = {
350 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
351 };
352
353 static const unsigned char cfbPlaintext[] = {
354 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
355 0x73, 0x93, 0x17, 0x2A
356 };
357
358 static const unsigned char gcmDefaultPlaintext[16] = { 0 };
359
360 static const unsigned char gcmResetPlaintext[] = {
361 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
362 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
363 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
364 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
365 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
366 };
367
368 static const unsigned char cfbCiphertext[] = {
369 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
370 0xE8, 0x3C, 0xFB, 0x4A
371 };
372
373 static const unsigned char gcmDefaultCiphertext[] = {
374 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
375 0xba, 0xf3, 0x9d, 0x18
376 };
377
378 static const unsigned char gcmResetCiphertext1[] = {
379 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
380 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
381 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
382 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
383 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
384 };
385
386 static const unsigned char gcmResetCiphertext2[] = {
387 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
388 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
389 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
390 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
391 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
392 };
393
394 static const unsigned char gcmAAD[] = {
395 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
396 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
397 };
398
399 static const unsigned char gcmDefaultTag[] = {
400 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
401 0xd4, 0x8a, 0xb9, 0x19
402 };
403
404 static const unsigned char gcmResetTag1[] = {
405 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
406 0xfe, 0x2e, 0xa8, 0xf2
407 };
408
409 static const unsigned char gcmResetTag2[] = {
410 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
411 0xbb, 0x2d, 0x55, 0x1b
412 };
413
414
415 typedef struct APK_DATA_st {
416 const unsigned char *kder;
417 size_t size;
418 int evptype;
419 int check;
420 int pub_check;
421 int param_check;
422 int type; /* 0 for private, 1 for public, 2 for params */
423 } APK_DATA;
424
425 typedef struct {
426 const char *cipher;
427 const unsigned char *key;
428 const unsigned char *iv;
429 const unsigned char *input;
430 const unsigned char *expected;
431 const unsigned char *tag;
432 size_t ivlen; /* 0 if we do not need to set a specific IV len */
433 size_t inlen;
434 size_t expectedlen;
435 size_t taglen;
436 int keyfirst;
437 int initenc;
438 int finalenc;
439 } EVP_INIT_TEST_st;
440
441 static const EVP_INIT_TEST_st evp_init_tests[] = {
442 {
443 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
444 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
445 0, 1, 0, 1
446 },
447 {
448 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
449 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
450 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
451 sizeof(gcmDefaultTag), 1, 0, 1
452 },
453 {
454 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
455 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
456 0, 0, 0, 1
457 },
458 {
459 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
460 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
461 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
462 sizeof(gcmDefaultTag), 0, 0, 1
463 },
464 {
465 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
466 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
467 0, 1, 1, 0
468 },
469 {
470 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
471 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
472 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
473 sizeof(gcmDefaultTag), 1, 1, 0
474 },
475 {
476 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
477 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
478 0, 0, 1, 0
479 },
480 {
481 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
482 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
483 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
484 sizeof(gcmDefaultTag), 0, 1, 0
485 }
486 };
487
evp_init_seq_set_iv(EVP_CIPHER_CTX * ctx,const EVP_INIT_TEST_st * t)488 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
489 {
490 int res = 0;
491
492 if (t->ivlen != 0) {
493 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL)))
494 goto err;
495 }
496 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
497 goto err;
498 res = 1;
499 err:
500 return res;
501 }
502
503 /*
504 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
505 * arguments are given one at a time and a final adjustment to the enc
506 * parameter sets the correct operation.
507 */
test_evp_init_seq(int idx)508 static int test_evp_init_seq(int idx)
509 {
510 int outlen1, outlen2;
511 int testresult = 0;
512 unsigned char outbuf[1024];
513 unsigned char tag[16];
514 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
515 EVP_CIPHER_CTX *ctx = NULL;
516 const EVP_CIPHER *type = NULL;
517 size_t taglen = sizeof(tag);
518 char *errmsg = NULL;
519
520 ctx = EVP_CIPHER_CTX_new();
521 if (ctx == NULL) {
522 errmsg = "CTX_ALLOC";
523 goto err;
524 }
525 if (!TEST_ptr(type = EVP_get_cipherbyname(t->cipher))) {
526 errmsg = "GET_CIPHERBYNAME";
527 goto err;
528 }
529 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
530 errmsg = "EMPTY_ENC_INIT";
531 goto err;
532 }
533 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
534 errmsg = "PADDING";
535 goto err;
536 }
537 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
538 errmsg = "KEY_INIT (before iv)";
539 goto err;
540 }
541 if (!evp_init_seq_set_iv(ctx, t)) {
542 errmsg = "IV_INIT";
543 goto err;
544 }
545 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
546 errmsg = "KEY_INIT (after iv)";
547 goto err;
548 }
549 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
550 errmsg = "FINAL_ENC_INIT";
551 goto err;
552 }
553 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
554 errmsg = "CIPHER_UPDATE";
555 goto err;
556 }
557 if (t->finalenc == 0 && t->tag != NULL) {
558 /* Set expected tag */
559 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
560 t->taglen, (void *)t->tag))) {
561 errmsg = "SET_TAG";
562 goto err;
563 }
564 }
565 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
566 errmsg = "CIPHER_FINAL";
567 goto err;
568 }
569 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
570 errmsg = "WRONG_RESULT";
571 goto err;
572 }
573 if (t->finalenc != 0 && t->tag != NULL) {
574 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
575 errmsg = "GET_TAG";
576 goto err;
577 }
578 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
579 errmsg = "TAG_ERROR";
580 goto err;
581 }
582 }
583 testresult = 1;
584 err:
585 if (errmsg != NULL)
586 TEST_info("evp_init_test %d: %s", idx, errmsg);
587 EVP_CIPHER_CTX_free(ctx);
588 return testresult;
589 }
590
591 typedef struct {
592 const unsigned char *input;
593 const unsigned char *expected;
594 size_t inlen;
595 size_t expectedlen;
596 int enc;
597 } EVP_RESET_TEST_st;
598
599 static const EVP_RESET_TEST_st evp_reset_tests[] = {
600 {
601 cfbPlaintext, cfbCiphertext,
602 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
603 },
604 {
605 cfbCiphertext, cfbPlaintext,
606 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
607 }
608 };
609
610 /*
611 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
612 * been used.
613 */
test_evp_reset(int idx)614 static int test_evp_reset(int idx)
615 {
616 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
617 int outlen1, outlen2;
618 int testresult = 0;
619 unsigned char outbuf[1024];
620 EVP_CIPHER_CTX *ctx = NULL;
621 const EVP_CIPHER *type = NULL;
622 char *errmsg = NULL;
623
624 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
625 errmsg = "CTX_ALLOC";
626 goto err;
627 }
628 if (!TEST_ptr(type = EVP_get_cipherbyname("aes-128-cfb"))) {
629 errmsg = "GET_CIPHERBYNAME";
630 goto err;
631 }
632 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
633 errmsg = "CIPHER_INIT";
634 goto err;
635 }
636 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
637 errmsg = "PADDING";
638 goto err;
639 }
640 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
641 errmsg = "CIPHER_UPDATE";
642 goto err;
643 }
644 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
645 errmsg = "CIPHER_FINAL";
646 goto err;
647 }
648 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
649 errmsg = "WRONG_RESULT";
650 goto err;
651 }
652 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
653 errmsg = "CIPHER_REINIT";
654 goto err;
655 }
656 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
657 errmsg = "CIPHER_UPDATE (reinit)";
658 goto err;
659 }
660 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
661 errmsg = "CIPHER_FINAL (reinit)";
662 goto err;
663 }
664 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
665 errmsg = "WRONG_RESULT (reinit)";
666 goto err;
667 }
668 testresult = 1;
669 err:
670 if (errmsg != NULL)
671 TEST_info("test_evp_reset %d: %s", idx, errmsg);
672 EVP_CIPHER_CTX_free(ctx);
673 return testresult;
674 }
675
676 typedef struct {
677 const unsigned char *iv1;
678 const unsigned char *iv2;
679 const unsigned char *expected1;
680 const unsigned char *expected2;
681 const unsigned char *tag1;
682 const unsigned char *tag2;
683 size_t ivlen1;
684 size_t ivlen2;
685 size_t expectedlen1;
686 size_t expectedlen2;
687 } TEST_GCM_IV_REINIT_st;
688
689 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
690 {
691 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
692 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
693 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
694 },
695 {
696 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
697 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
698 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
699 }
700 };
701
test_gcm_reinit(int idx)702 static int test_gcm_reinit(int idx)
703 {
704 int outlen1, outlen2, outlen3;
705 int testresult = 0;
706 unsigned char outbuf[1024];
707 unsigned char tag[16];
708 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
709 EVP_CIPHER_CTX *ctx = NULL;
710 const EVP_CIPHER *type = NULL;
711 size_t taglen = sizeof(tag);
712 char *errmsg = NULL;
713
714 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
715 errmsg = "CTX_ALLOC";
716 goto err;
717 }
718 if (!TEST_ptr(type = EVP_get_cipherbyname("aes-256-gcm"))) {
719 errmsg = "GET_CIPHERBYNAME";
720 goto err;
721 }
722 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
723 errmsg = "ENC_INIT";
724 goto err;
725 }
726 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) {
727 errmsg = "SET_IVLEN1";
728 goto err;
729 }
730 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
731 errmsg = "SET_IV1";
732 goto err;
733 }
734 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
735 errmsg = "AAD1";
736 goto err;
737 }
738 EVP_CIPHER_CTX_set_padding(ctx, 0);
739 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
740 sizeof(gcmResetPlaintext)))) {
741 errmsg = "CIPHER_UPDATE1";
742 goto err;
743 }
744 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
745 errmsg = "CIPHER_FINAL1";
746 goto err;
747 }
748 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
749 errmsg = "WRONG_RESULT1";
750 goto err;
751 }
752 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
753 errmsg = "GET_TAG1";
754 goto err;
755 }
756 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
757 errmsg = "TAG_ERROR1";
758 goto err;
759 }
760 /* Now reinit */
761 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) {
762 errmsg = "SET_IVLEN2";
763 goto err;
764 }
765 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
766 errmsg = "SET_IV2";
767 goto err;
768 }
769 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
770 errmsg = "AAD2";
771 goto err;
772 }
773 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
774 sizeof(gcmResetPlaintext)))) {
775 errmsg = "CIPHER_UPDATE2";
776 goto err;
777 }
778 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
779 errmsg = "CIPHER_FINAL2";
780 goto err;
781 }
782 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
783 errmsg = "WRONG_RESULT2";
784 goto err;
785 }
786 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) {
787 errmsg = "GET_TAG2";
788 goto err;
789 }
790 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
791 errmsg = "TAG_ERROR2";
792 goto err;
793 }
794 testresult = 1;
795 err:
796 if (errmsg != NULL)
797 TEST_info("evp_init_test %d: %s", idx, errmsg);
798 EVP_CIPHER_CTX_free(ctx);
799 return testresult;
800 }
801
802 typedef struct {
803 const char *cipher;
804 int enc;
805 } EVP_UPDATED_IV_TEST_st;
806
807 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
808 {
809 "aes-128-cfb", 1
810 },
811 {
812 "aes-128-cfb", 0
813 },
814 {
815 "aes-128-cfb1", 1
816 },
817 {
818 "aes-128-cfb1", 0
819 },
820 {
821 "aes-128-cfb128", 1
822 },
823 {
824 "aes-128-cfb128", 0
825 },
826 {
827 "aes-128-cfb8", 1
828 },
829 {
830 "aes-128-cfb8", 0
831 },
832 {
833 "aes-128-ofb", 1
834 },
835 {
836 "aes-128-ofb", 0
837 },
838 {
839 "aes-128-ctr", 1
840 },
841 {
842 "aes-128-ctr", 0
843 },
844 {
845 "aes-128-cbc", 1
846 },
847 {
848 "aes-128-cbc", 0
849 }
850 };
851
852 /*
853 * Test that the IV in the context is updated during a crypto operation for CFB
854 * and OFB.
855 */
test_evp_updated_iv(int idx)856 static int test_evp_updated_iv(int idx)
857 {
858 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
859 int outlen1, outlen2;
860 int testresult = 0;
861 unsigned char outbuf[1024];
862 EVP_CIPHER_CTX *ctx = NULL;
863 const EVP_CIPHER *type = NULL;
864 const unsigned char *updated_iv;
865 int iv_len;
866 char *errmsg = NULL;
867
868 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
869 errmsg = "CTX_ALLOC";
870 goto err;
871 }
872 if ((type = EVP_get_cipherbyname(t->cipher)) == NULL) {
873 TEST_info("cipher %s not supported, skipping", t->cipher);
874 goto ok;
875 }
876 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
877 errmsg = "CIPHER_INIT";
878 goto err;
879 }
880 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
881 errmsg = "PADDING";
882 goto err;
883 }
884 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
885 errmsg = "CIPHER_UPDATE";
886 goto err;
887 }
888 if (!TEST_ptr(updated_iv = EVP_CIPHER_CTX_iv(ctx))) {
889 errmsg = "CIPHER_CTX_IV";
890 goto err;
891 }
892 if (!TEST_true(iv_len = EVP_CIPHER_CTX_iv_length(ctx))) {
893 errmsg = "CIPHER_CTX_IV_LEN";
894 goto err;
895 }
896 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
897 errmsg = "IV_NOT_UPDATED";
898 goto err;
899 }
900 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
901 errmsg = "CIPHER_FINAL";
902 goto err;
903 }
904 ok:
905 testresult = 1;
906 err:
907 if (errmsg != NULL)
908 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
909 EVP_CIPHER_CTX_free(ctx);
910 return testresult;
911 }
912
913 static APK_DATA keydata[] = {
914 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
915 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
916 #ifndef OPENSSL_NO_EC
917 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
918 #endif
919 };
920
921 static APK_DATA keycheckdata[] = {
922 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
923 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
924 0, -2, -2, 0},
925 #ifndef OPENSSL_NO_EC
926 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
927 /* group is also associated in our pub key */
928 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
929 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
930 #endif
931 };
932
load_example_rsa_key(void)933 static EVP_PKEY *load_example_rsa_key(void)
934 {
935 EVP_PKEY *ret = NULL;
936 const unsigned char *derp = kExampleRSAKeyDER;
937 EVP_PKEY *pkey = NULL;
938 RSA *rsa = NULL;
939
940 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
941 return NULL;
942
943 if (!TEST_ptr(pkey = EVP_PKEY_new())
944 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
945 goto end;
946
947 ret = pkey;
948 pkey = NULL;
949
950 end:
951 EVP_PKEY_free(pkey);
952 RSA_free(rsa);
953
954 return ret;
955 }
956
test_EVP_Enveloped(void)957 static int test_EVP_Enveloped(void)
958 {
959 int ret = 0;
960 EVP_CIPHER_CTX *ctx = NULL;
961 EVP_PKEY *keypair = NULL;
962 unsigned char *kek = NULL;
963 unsigned char iv[EVP_MAX_IV_LENGTH];
964 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
965 int len, kek_len, ciphertext_len, plaintext_len;
966 unsigned char ciphertext[32], plaintext[16];
967 const EVP_CIPHER *type = EVP_aes_256_cbc();
968
969 if (!TEST_ptr(keypair = load_example_rsa_key())
970 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
971 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
972 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
973 &keypair, 1))
974 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
975 msg, sizeof(msg)))
976 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
977 &len)))
978 goto err;
979
980 ciphertext_len += len;
981
982 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
983 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
984 ciphertext, ciphertext_len))
985 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
986 goto err;
987
988 plaintext_len += len;
989 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
990 goto err;
991
992 ret = 1;
993 err:
994 OPENSSL_free(kek);
995 EVP_PKEY_free(keypair);
996 EVP_CIPHER_CTX_free(ctx);
997 return ret;
998 }
999
1000
test_EVP_DigestSignInit(void)1001 static int test_EVP_DigestSignInit(void)
1002 {
1003 int ret = 0;
1004 EVP_PKEY *pkey = NULL;
1005 unsigned char *sig = NULL;
1006 size_t sig_len = 0;
1007 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;
1008
1009 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1010 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())
1011 || !TEST_ptr(pkey = load_example_rsa_key()))
1012 goto out;
1013
1014 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1015 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1016 goto out;
1017
1018 /* Determine the size of the signature. */
1019 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1020 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
1021 goto out;
1022
1023 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
1024 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1025 goto out;
1026
1027 /* Ensure that the signature round-trips. */
1028 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
1029 NULL, pkey))
1030 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,
1031 kMsg, sizeof(kMsg)))
1032 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1033 goto out;
1034
1035 ret = 1;
1036
1037 out:
1038 EVP_MD_CTX_free(md_ctx);
1039 EVP_MD_CTX_free(md_ctx_verify);
1040 EVP_PKEY_free(pkey);
1041 OPENSSL_free(sig);
1042
1043 return ret;
1044 }
1045
test_EVP_DigestVerifyInit(void)1046 static int test_EVP_DigestVerifyInit(void)
1047 {
1048 int ret = 0;
1049 EVP_PKEY *pkey = NULL;
1050 EVP_MD_CTX *md_ctx = NULL;
1051
1052 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1053 || !TEST_ptr(pkey = load_example_rsa_key()))
1054 goto out;
1055
1056 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1057 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1058 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
1059 sizeof(kSignature))))
1060 goto out;
1061 ret = 1;
1062
1063 out:
1064 EVP_MD_CTX_free(md_ctx);
1065 EVP_PKEY_free(pkey);
1066 return ret;
1067 }
1068
test_d2i_AutoPrivateKey(int i)1069 static int test_d2i_AutoPrivateKey(int i)
1070 {
1071 int ret = 0;
1072 const unsigned char *p;
1073 EVP_PKEY *pkey = NULL;
1074 const APK_DATA *ak = &keydata[i];
1075 const unsigned char *input = ak->kder;
1076 size_t input_len = ak->size;
1077 int expected_id = ak->evptype;
1078
1079 p = input;
1080 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1081 || !TEST_ptr_eq(p, input + input_len)
1082 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1083 goto done;
1084
1085 ret = 1;
1086
1087 done:
1088 EVP_PKEY_free(pkey);
1089 return ret;
1090 }
1091
1092 #ifndef OPENSSL_NO_EC
1093
1094 static const unsigned char ec_public_sect163k1_validxy[] = {
1095 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1096 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1097 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1098 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1099 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1100 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1101 };
1102
1103 static const unsigned char ec_public_sect163k1_badx[] = {
1104 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1105 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1106 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1107 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1108 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1109 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1110 };
1111
1112 static const unsigned char ec_public_sect163k1_bady[] = {
1113 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1114 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1115 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1116 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1117 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1118 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1119 };
1120
1121 static struct ec_der_pub_keys_st {
1122 const unsigned char *der;
1123 size_t len;
1124 int valid;
1125 } ec_der_pub_keys[] = {
1126 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1127 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1128 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1129 };
1130
1131 /*
1132 * Tests the range of the decoded EC char2 public point.
1133 * See ec_GF2m_simple_oct2point().
1134 */
test_invalide_ec_char2_pub_range_decode(int id)1135 static int test_invalide_ec_char2_pub_range_decode(int id)
1136 {
1137 int ret = 0;
1138 BIO *bio = NULL;
1139 EC_KEY *eckey = NULL;
1140
1141 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
1142 ec_der_pub_keys[id].len)))
1143 goto err;
1144 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
1145 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
1146 || TEST_ptr_null(eckey);
1147 err:
1148 EC_KEY_free(eckey);
1149 BIO_free(bio);
1150 return ret;
1151 }
1152
1153 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY(void)1154 static int test_EVP_PKCS82PKEY(void)
1155 {
1156 int ret = 0;
1157 const unsigned char *derp = kExampleBadECKeyDER;
1158 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1159 EVP_PKEY *pkey = NULL;
1160
1161 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1162 sizeof(kExampleBadECKeyDER))))
1163 goto done;
1164
1165 if (!TEST_ptr_eq(derp,
1166 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1167 goto done;
1168
1169 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1170 goto done;
1171
1172 ret = 1;
1173
1174 done:
1175 PKCS8_PRIV_KEY_INFO_free(p8inf);
1176 EVP_PKEY_free(pkey);
1177
1178 return ret;
1179 }
1180 #endif
1181
1182 #ifndef OPENSSL_NO_SM2
1183
test_EVP_SM2_verify(void)1184 static int test_EVP_SM2_verify(void)
1185 {
1186 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
1187 const char *pubkey =
1188 "-----BEGIN PUBLIC KEY-----\n"
1189 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
1190 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
1191 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
1192 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
1193 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
1194 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
1195 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
1196 "-----END PUBLIC KEY-----\n";
1197
1198 const char *msg = "message digest";
1199 const char *id = "ALICE123@YAHOO.COM";
1200
1201 const uint8_t signature[] = {
1202 0x30, 0x44, 0x02, 0x20,
1203
1204 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
1205 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
1206 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
1207
1208 0x02, 0x20,
1209
1210 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
1211 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
1212 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
1213 };
1214
1215 int rc = 0;
1216 BIO *bio = NULL;
1217 EVP_PKEY *pkey = NULL;
1218 EVP_MD_CTX *mctx = NULL;
1219 EVP_PKEY_CTX *pctx = NULL;
1220
1221 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1222 if (!TEST_true(bio != NULL))
1223 goto done;
1224
1225 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
1226 if (!TEST_true(pkey != NULL))
1227 goto done;
1228
1229 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
1230 goto done;
1231
1232 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1233 goto done;
1234
1235 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
1236 goto done;
1237
1238 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
1239 strlen(id)), 0))
1240 goto done;
1241
1242 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1243
1244 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
1245 goto done;
1246
1247 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1248 goto done;
1249
1250 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
1251 goto done;
1252 rc = 1;
1253
1254 done:
1255 BIO_free(bio);
1256 EVP_PKEY_free(pkey);
1257 EVP_PKEY_CTX_free(pctx);
1258 EVP_MD_CTX_free(mctx);
1259 return rc;
1260 }
1261
test_EVP_SM2(void)1262 static int test_EVP_SM2(void)
1263 {
1264 int ret = 0;
1265 EVP_PKEY *pkey = NULL;
1266 EVP_PKEY *params = NULL;
1267 EVP_PKEY_CTX *pctx = NULL;
1268 EVP_PKEY_CTX *kctx = NULL;
1269 EVP_PKEY_CTX *sctx = NULL;
1270 size_t sig_len = 0;
1271 unsigned char *sig = NULL;
1272 EVP_MD_CTX *md_ctx = NULL;
1273 EVP_MD_CTX *md_ctx_verify = NULL;
1274 EVP_PKEY_CTX *cctx = NULL;
1275
1276 uint8_t ciphertext[128];
1277 size_t ctext_len = sizeof(ciphertext);
1278
1279 uint8_t plaintext[8];
1280 size_t ptext_len = sizeof(plaintext);
1281
1282 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1283
1284 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
1285 if (!TEST_ptr(pctx))
1286 goto done;
1287
1288 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
1289 goto done;
1290
1291 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
1292 goto done;
1293
1294 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
1295 goto done;
1296
1297 kctx = EVP_PKEY_CTX_new(params, NULL);
1298 if (!TEST_ptr(kctx))
1299 goto done;
1300
1301 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
1302 goto done;
1303
1304 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
1305 goto done;
1306
1307 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
1308 goto done;
1309
1310 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1311 goto done;
1312
1313 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
1314 goto done;
1315
1316 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
1317 goto done;
1318
1319 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
1320 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
1321
1322 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
1323 goto done;
1324
1325 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
1326 goto done;
1327
1328 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1329 goto done;
1330
1331 /* Determine the size of the signature. */
1332 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
1333 goto done;
1334
1335 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
1336 goto done;
1337
1338 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1339 goto done;
1340
1341 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1342 goto done;
1343
1344 /* Ensure that the signature round-trips. */
1345
1346 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
1347 goto done;
1348
1349 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
1350 goto done;
1351
1352 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
1353 goto done;
1354
1355 /* now check encryption/decryption */
1356
1357 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
1358 goto done;
1359
1360 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
1361 goto done;
1362
1363 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
1364 goto done;
1365
1366 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
1367 goto done;
1368
1369 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
1370 goto done;
1371
1372 if (!TEST_true(ptext_len == sizeof(kMsg)))
1373 goto done;
1374
1375 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
1376 goto done;
1377
1378 ret = 1;
1379 done:
1380 EVP_PKEY_CTX_free(pctx);
1381 EVP_PKEY_CTX_free(kctx);
1382 EVP_PKEY_CTX_free(sctx);
1383 EVP_PKEY_CTX_free(cctx);
1384 EVP_PKEY_free(pkey);
1385 EVP_PKEY_free(params);
1386 EVP_MD_CTX_free(md_ctx);
1387 EVP_MD_CTX_free(md_ctx_verify);
1388 OPENSSL_free(sig);
1389 return ret;
1390 }
1391
1392 #endif
1393
1394 static struct keys_st {
1395 int type;
1396 char *priv;
1397 char *pub;
1398 } keys[] = {
1399 {
1400 EVP_PKEY_HMAC, "0123456789", NULL
1401 #ifndef OPENSSL_NO_POLY1305
1402 }, {
1403 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
1404 #endif
1405 #ifndef OPENSSL_NO_SIPHASH
1406 }, {
1407 EVP_PKEY_SIPHASH, "0123456789012345", NULL
1408 #endif
1409 },
1410 #ifndef OPENSSL_NO_EC
1411 {
1412 EVP_PKEY_X25519, "01234567890123456789012345678901",
1413 "abcdefghijklmnopqrstuvwxyzabcdef"
1414 }, {
1415 EVP_PKEY_ED25519, "01234567890123456789012345678901",
1416 "abcdefghijklmnopqrstuvwxyzabcdef"
1417 }, {
1418 EVP_PKEY_X448,
1419 "01234567890123456789012345678901234567890123456789012345",
1420 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1421 }, {
1422 EVP_PKEY_ED448,
1423 "012345678901234567890123456789012345678901234567890123456",
1424 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1425 }
1426 #endif
1427 };
1428
test_set_get_raw_keys_int(int tst,int pub)1429 static int test_set_get_raw_keys_int(int tst, int pub)
1430 {
1431 int ret = 0;
1432 unsigned char buf[80];
1433 unsigned char *in;
1434 size_t inlen, len = 0;
1435 EVP_PKEY *pkey;
1436
1437 /* Check if this algorithm supports public keys */
1438 if (pub && keys[tst].pub == NULL)
1439 return 1;
1440
1441 memset(buf, 0, sizeof(buf));
1442
1443 if (pub) {
1444 #ifndef OPENSSL_NO_EC
1445 inlen = strlen(keys[tst].pub);
1446 in = (unsigned char *)keys[tst].pub;
1447 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
1448 NULL,
1449 in,
1450 inlen);
1451 #else
1452 return 1;
1453 #endif
1454 } else {
1455 inlen = strlen(keys[tst].priv);
1456 in = (unsigned char *)keys[tst].priv;
1457 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
1458 NULL,
1459 in,
1460 inlen);
1461 }
1462
1463 if (!TEST_ptr(pkey)
1464 || !TEST_int_eq(EVP_PKEY_cmp(pkey, pkey), 1)
1465 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
1466 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
1467 || !TEST_true(len == inlen)
1468 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
1469 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
1470 || !TEST_mem_eq(in, inlen, buf, len))
1471 goto done;
1472
1473 ret = 1;
1474 done:
1475 EVP_PKEY_free(pkey);
1476 return ret;
1477 }
1478
test_set_get_raw_keys(int tst)1479 static int test_set_get_raw_keys(int tst)
1480 {
1481 return test_set_get_raw_keys_int(tst, 0)
1482 && test_set_get_raw_keys_int(tst, 1);
1483 }
1484
pkey_custom_check(EVP_PKEY * pkey)1485 static int pkey_custom_check(EVP_PKEY *pkey)
1486 {
1487 return 0xbeef;
1488 }
1489
pkey_custom_pub_check(EVP_PKEY * pkey)1490 static int pkey_custom_pub_check(EVP_PKEY *pkey)
1491 {
1492 return 0xbeef;
1493 }
1494
pkey_custom_param_check(EVP_PKEY * pkey)1495 static int pkey_custom_param_check(EVP_PKEY *pkey)
1496 {
1497 return 0xbeef;
1498 }
1499
1500 static EVP_PKEY_METHOD *custom_pmeth;
1501
test_EVP_PKEY_check(int i)1502 static int test_EVP_PKEY_check(int i)
1503 {
1504 int ret = 0;
1505 const unsigned char *p;
1506 EVP_PKEY *pkey = NULL;
1507 #ifndef OPENSSL_NO_EC
1508 EC_KEY *eckey = NULL;
1509 #endif
1510 EVP_PKEY_CTX *ctx = NULL;
1511 EVP_PKEY_CTX *ctx2 = NULL;
1512 const APK_DATA *ak = &keycheckdata[i];
1513 const unsigned char *input = ak->kder;
1514 size_t input_len = ak->size;
1515 int expected_id = ak->evptype;
1516 int expected_check = ak->check;
1517 int expected_pub_check = ak->pub_check;
1518 int expected_param_check = ak->param_check;
1519 int type = ak->type;
1520 BIO *pubkey = NULL;
1521
1522 p = input;
1523
1524 switch (type) {
1525 case 0:
1526 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1527 || !TEST_ptr_eq(p, input + input_len)
1528 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
1529 goto done;
1530 break;
1531 #ifndef OPENSSL_NO_EC
1532 case 1:
1533 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
1534 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
1535 || !TEST_ptr(pkey = EVP_PKEY_new())
1536 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1537 goto done;
1538 break;
1539 case 2:
1540 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
1541 || !TEST_ptr_eq(p, input + input_len)
1542 || !TEST_ptr(pkey = EVP_PKEY_new())
1543 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1544 goto done;
1545 break;
1546 #endif
1547 default:
1548 return 0;
1549 }
1550
1551 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
1552 goto done;
1553
1554 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
1555 goto done;
1556
1557 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
1558 goto done;
1559
1560 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
1561 goto done;
1562
1563 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
1564 /* assign the pkey directly, as an internal test */
1565 EVP_PKEY_up_ref(pkey);
1566 ctx2->pkey = pkey;
1567
1568 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
1569 goto done;
1570
1571 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
1572 goto done;
1573
1574 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
1575 goto done;
1576
1577 ret = 1;
1578
1579 done:
1580 EVP_PKEY_CTX_free(ctx);
1581 EVP_PKEY_CTX_free(ctx2);
1582 EVP_PKEY_free(pkey);
1583 BIO_free(pubkey);
1584 return ret;
1585 }
1586
test_HKDF(void)1587 static int test_HKDF(void)
1588 {
1589 EVP_PKEY_CTX *pctx;
1590 unsigned char out[20];
1591 size_t outlen;
1592 int i, ret = 0;
1593 unsigned char salt[] = "0123456789";
1594 unsigned char key[] = "012345678901234567890123456789";
1595 unsigned char info[] = "infostring";
1596 const unsigned char expected[] = {
1597 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1598 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1599 };
1600 size_t expectedlen = sizeof(expected);
1601
1602 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1603 goto done;
1604
1605 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1606 for (i = 0; i < 2; i++) {
1607 outlen = sizeof(out);
1608 memset(out, 0, outlen);
1609
1610 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1611 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1612 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1613 sizeof(salt) - 1), 0)
1614 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1615 sizeof(key) - 1), 0)
1616 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1617 sizeof(info) - 1), 0)
1618 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1619 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1620 goto done;
1621 }
1622
1623 ret = 1;
1624
1625 done:
1626 EVP_PKEY_CTX_free(pctx);
1627
1628 return ret;
1629 }
1630
1631 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)1632 static int test_X509_PUBKEY_inplace(void)
1633 {
1634 int ret = 0;
1635 X509_PUBKEY *xp = NULL;
1636 const unsigned char *p = kExampleECPubKeyDER;
1637 size_t input_len = sizeof(kExampleECPubKeyDER);
1638
1639 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1640 goto done;
1641
1642 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1643 goto done;
1644
1645 p = kExampleBadECPubKeyDER;
1646 input_len = sizeof(kExampleBadECPubKeyDER);
1647
1648 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1649 goto done;
1650
1651 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1652 goto done;
1653
1654 ret = 1;
1655
1656 done:
1657 X509_PUBKEY_free(xp);
1658 return ret;
1659 }
1660 #endif
1661
1662 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)1663 static int test_decrypt_null_chunks(void)
1664 {
1665 EVP_CIPHER_CTX* ctx = NULL;
1666 const unsigned char key[32] = {
1667 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1668 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1669 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1670 };
1671 unsigned char iv[12] = {
1672 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1673 };
1674 unsigned char msg[] = "It was the best of times, it was the worst of times";
1675 unsigned char ciphertext[80];
1676 unsigned char plaintext[80];
1677 /* We initialise tmp to a non zero value on purpose */
1678 int ctlen, ptlen, tmp = 99;
1679 int ret = 0;
1680 const int enc_offset = 10, dec_offset = 20;
1681
1682 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1683 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1684 key, iv))
1685 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1686 enc_offset))
1687 /* Deliberate add a zero length update */
1688 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1689 0))
1690 || !TEST_int_eq(tmp, 0)
1691 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1692 msg + enc_offset,
1693 sizeof(msg) - enc_offset))
1694 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1695 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1696 || !TEST_int_eq(tmp, 0))
1697 goto err;
1698
1699 /* Deliberately initialise tmp to a non zero value */
1700 tmp = 99;
1701 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1702 iv))
1703 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1704 dec_offset))
1705 /*
1706 * Deliberately add a zero length update. We also deliberately do
1707 * this at a different offset than for encryption.
1708 */
1709 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1710 0))
1711 || !TEST_int_eq(tmp, 0)
1712 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1713 ciphertext + dec_offset,
1714 ctlen - dec_offset))
1715 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1716 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1717 || !TEST_int_eq(tmp, 0)
1718 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1719 goto err;
1720
1721 ret = 1;
1722 err:
1723 EVP_CIPHER_CTX_free(ctx);
1724 return ret;
1725 }
1726 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1727
1728 #ifndef OPENSSL_NO_DH
test_EVP_PKEY_set1_DH(void)1729 static int test_EVP_PKEY_set1_DH(void)
1730 {
1731 DH *x942dh, *pkcs3dh;
1732 EVP_PKEY *pkey1, *pkey2;
1733 int ret = 0;
1734
1735 x942dh = DH_get_2048_256();
1736 pkcs3dh = DH_new_by_nid(NID_ffdhe2048);
1737 pkey1 = EVP_PKEY_new();
1738 pkey2 = EVP_PKEY_new();
1739 if (!TEST_ptr(x942dh)
1740 || !TEST_ptr(pkcs3dh)
1741 || !TEST_ptr(pkey1)
1742 || !TEST_ptr(pkey2))
1743 goto err;
1744
1745 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1746 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1747 goto err;
1748
1749
1750 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, pkcs3dh))
1751 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1752 goto err;
1753
1754 ret = 1;
1755 err:
1756 EVP_PKEY_free(pkey1);
1757 EVP_PKEY_free(pkey2);
1758 DH_free(x942dh);
1759 DH_free(pkcs3dh);
1760
1761 return ret;
1762 }
1763 #endif /* OPENSSL_NO_DH */
1764
1765 typedef struct {
1766 int data;
1767 } custom_dgst_ctx;
1768
1769 static int custom_md_init_called = 0;
1770 static int custom_md_cleanup_called = 0;
1771
custom_md_init(EVP_MD_CTX * ctx)1772 static int custom_md_init(EVP_MD_CTX *ctx)
1773 {
1774 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
1775
1776 if (p == NULL)
1777 return 0;
1778
1779 custom_md_init_called++;
1780 return 1;
1781 }
1782
custom_md_cleanup(EVP_MD_CTX * ctx)1783 static int custom_md_cleanup(EVP_MD_CTX *ctx)
1784 {
1785 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
1786
1787 if (p == NULL)
1788 /* Nothing to do */
1789 return 1;
1790
1791 custom_md_cleanup_called++;
1792 return 1;
1793 }
1794
test_custom_md_meth(void)1795 static int test_custom_md_meth(void)
1796 {
1797 EVP_MD_CTX *mdctx = NULL;
1798 EVP_MD *tmp = NULL;
1799 char mess[] = "Test Message\n";
1800 unsigned char md_value[EVP_MAX_MD_SIZE];
1801 unsigned int md_len;
1802 int testresult = 0;
1803 int nid;
1804
1805 custom_md_init_called = custom_md_cleanup_called = 0;
1806
1807 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
1808 if (!TEST_int_ne(nid, NID_undef))
1809 goto err;
1810 tmp = EVP_MD_meth_new(nid, NID_undef);
1811 if (!TEST_ptr(tmp))
1812 goto err;
1813
1814 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
1815 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
1816 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
1817 sizeof(custom_dgst_ctx))))
1818 goto err;
1819
1820 mdctx = EVP_MD_CTX_new();
1821 if (!TEST_ptr(mdctx)
1822 /*
1823 * Initing our custom md and then initing another md should
1824 * result in the init and cleanup functions of the custom md
1825 * from being called.
1826 */
1827 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
1828 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
1829 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
1830 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
1831 || !TEST_int_eq(custom_md_init_called, 1)
1832 || !TEST_int_eq(custom_md_cleanup_called, 1))
1833 goto err;
1834
1835 testresult = 1;
1836 err:
1837 EVP_MD_CTX_free(mdctx);
1838 EVP_MD_meth_free(tmp);
1839 return testresult;
1840 }
1841
1842 #if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
1843 /* Test we can create a signature keys with an associated ENGINE */
test_signatures_with_engine(int tst)1844 static int test_signatures_with_engine(int tst)
1845 {
1846 ENGINE *e;
1847 const char *engine_id = "dasync";
1848 EVP_PKEY *pkey = NULL;
1849 const unsigned char badcmackey[] = { 0x00, 0x01 };
1850 const unsigned char cmackey[] = {
1851 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1852 0x0c, 0x0d, 0x0e, 0x0f
1853 };
1854 const unsigned char ed25519key[] = {
1855 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1856 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1857 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1858 };
1859 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
1860 int testresult = 0;
1861 EVP_MD_CTX *ctx = NULL;
1862 unsigned char *mac = NULL;
1863 size_t maclen = 0;
1864 int ret;
1865
1866 # ifdef OPENSSL_NO_CMAC
1867 /* Skip CMAC tests in a no-cmac build */
1868 if (tst <= 1)
1869 return 1;
1870 # endif
1871
1872 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
1873 return 0;
1874
1875 if (!TEST_true(ENGINE_init(e))) {
1876 ENGINE_free(e);
1877 return 0;
1878 }
1879
1880 switch (tst) {
1881 case 0:
1882 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
1883 EVP_aes_128_cbc());
1884 break;
1885 case 1:
1886 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
1887 EVP_aes_128_cbc());
1888 break;
1889 case 2:
1890 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
1891 sizeof(ed25519key));
1892 break;
1893 default:
1894 TEST_error("Invalid test case");
1895 goto err;
1896 }
1897 if (tst == 1) {
1898 /*
1899 * In 1.1.1 CMAC keys will fail to during EVP_PKEY_new_CMAC_key() if the
1900 * key is bad. In later versions this isn't detected until later.
1901 */
1902 if (!TEST_ptr_null(pkey))
1903 goto err;
1904 } else {
1905 if (!TEST_ptr(pkey))
1906 goto err;
1907 }
1908
1909 if (tst == 0 || tst == 1) {
1910 /*
1911 * We stop the test here for tests 0 and 1. The dasync engine doesn't
1912 * actually support CMAC in 1.1.1.
1913 */
1914 testresult = 1;
1915 goto err;
1916 }
1917
1918 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
1919 goto err;
1920
1921 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
1922 pkey);
1923 if (tst == 0) {
1924 if (!TEST_true(ret))
1925 goto err;
1926
1927 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
1928 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
1929 goto err;
1930
1931 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
1932 goto err;
1933
1934 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
1935 goto err;
1936 } else {
1937 /* We used a bad key. We expect a failure here */
1938 if (!TEST_false(ret))
1939 goto err;
1940 }
1941
1942 testresult = 1;
1943 err:
1944 EVP_MD_CTX_free(ctx);
1945 OPENSSL_free(mac);
1946 EVP_PKEY_free(pkey);
1947 ENGINE_finish(e);
1948 ENGINE_free(e);
1949
1950 return testresult;
1951 }
1952
test_cipher_with_engine(void)1953 static int test_cipher_with_engine(void)
1954 {
1955 ENGINE *e;
1956 const char *engine_id = "dasync";
1957 const unsigned char keyiv[] = {
1958 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1959 0x0c, 0x0d, 0x0e, 0x0f
1960 };
1961 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
1962 int testresult = 0;
1963 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
1964 unsigned char buf[AES_BLOCK_SIZE];
1965 int len = 0;
1966
1967 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
1968 return 0;
1969
1970 if (!TEST_true(ENGINE_init(e))) {
1971 ENGINE_free(e);
1972 return 0;
1973 }
1974
1975 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1976 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
1977 goto err;
1978
1979 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
1980 goto err;
1981
1982 /* Copy the ctx, and complete the operation with the new ctx */
1983 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
1984 goto err;
1985
1986 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
1987 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
1988 goto err;
1989
1990 testresult = 1;
1991 err:
1992 EVP_CIPHER_CTX_free(ctx);
1993 EVP_CIPHER_CTX_free(ctx2);
1994 ENGINE_finish(e);
1995 ENGINE_free(e);
1996
1997 return testresult;
1998 }
1999 #endif /* !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) */
2000
setup_tests(void)2001 int setup_tests(void)
2002 {
2003 #if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
2004 ENGINE_load_builtin_engines();
2005 #endif
2006 ADD_TEST(test_EVP_DigestSignInit);
2007 ADD_TEST(test_EVP_DigestVerifyInit);
2008 ADD_TEST(test_EVP_Enveloped);
2009 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
2010 #ifndef OPENSSL_NO_EC
2011 ADD_TEST(test_EVP_PKCS82PKEY);
2012 #endif
2013 #ifndef OPENSSL_NO_SM2
2014 ADD_TEST(test_EVP_SM2);
2015 ADD_TEST(test_EVP_SM2_verify);
2016 #endif
2017 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
2018 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
2019 if (!TEST_ptr(custom_pmeth))
2020 return 0;
2021 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
2022 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
2023 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
2024 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
2025 return 0;
2026 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
2027 ADD_TEST(test_HKDF);
2028 #ifndef OPENSSL_NO_EC
2029 ADD_TEST(test_X509_PUBKEY_inplace);
2030 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
2031 OSSL_NELEM(ec_der_pub_keys));
2032 #endif
2033 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2034 ADD_TEST(test_decrypt_null_chunks);
2035 #endif
2036 #ifndef OPENSSL_NO_DH
2037 ADD_TEST(test_EVP_PKEY_set1_DH);
2038 #endif
2039
2040 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
2041 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
2042 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
2043 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
2044
2045 ADD_TEST(test_custom_md_meth);
2046 #if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
2047 # ifndef OPENSSL_NO_EC
2048 ADD_ALL_TESTS(test_signatures_with_engine, 3);
2049 # else
2050 ADD_ALL_TESTS(test_signatures_with_engine, 2);
2051 # endif
2052 ADD_TEST(test_cipher_with_engine);
2053 #endif
2054
2055 return 1;
2056 }
2057