1 /* 2 * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include <openssl/bio.h> 14 #include <openssl/crypto.h> 15 #include <openssl/err.h> 16 #include <openssl/evp.h> 17 #include <openssl/rsa.h> 18 #include <openssl/x509.h> 19 #include <openssl/pem.h> 20 #include <openssl/kdf.h> 21 #include "testutil.h" 22 #include "internal/nelem.h" 23 #include "internal/evp_int.h" 24 25 /* 26 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 27 * should never use this key anywhere but in an example. 28 */ 29 static const unsigned char kExampleRSAKeyDER[] = { 30 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 31 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 32 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 33 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 34 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 35 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 36 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 37 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 38 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 39 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 40 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 41 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 42 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 43 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 44 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 45 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 46 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 47 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 48 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 49 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 50 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 51 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 52 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 53 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 54 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 55 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 56 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 57 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 58 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 59 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 60 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 61 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 62 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 63 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 64 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 65 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 66 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 67 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 68 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 69 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 70 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 71 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 72 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 73 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 74 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 75 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 76 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 77 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 78 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 79 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 80 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 81 }; 82 83 /* 84 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 85 * components are not correct. 86 */ 87 static const unsigned char kExampleBadRSAKeyDER[] = { 88 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 89 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 90 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 91 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 92 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 93 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 94 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 95 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 96 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 97 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 98 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 99 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 100 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 101 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 102 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 103 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 104 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 105 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 106 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 107 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 108 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 109 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 110 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 111 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 112 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 113 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 114 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 115 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 116 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 117 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 118 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 119 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 120 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 121 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 122 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 123 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 124 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 125 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 126 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 127 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 128 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 129 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 130 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 131 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 132 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 133 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 134 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 135 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 136 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 137 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 138 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 139 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 140 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 141 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 142 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 143 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 144 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 145 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 146 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 147 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 148 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 149 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 150 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 151 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 152 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 153 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 154 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 155 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 156 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 157 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 158 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 159 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 160 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 161 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 162 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 163 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 164 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 165 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 166 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 167 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 168 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 169 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 170 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 171 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 172 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 173 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 174 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 175 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 176 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, 177 }; 178 179 static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 180 181 static const unsigned char kSignature[] = { 182 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 183 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 184 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 185 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 186 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 187 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 188 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 189 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 190 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 191 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 192 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, 193 }; 194 195 /* 196 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 197 * PrivateKeyInfo. 198 */ 199 static const unsigned char kExampleRSAKeyPKCS8[] = { 200 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 201 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 202 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 203 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 204 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 205 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 206 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 207 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 208 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 209 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 210 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 211 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 212 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 213 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 214 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 215 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 216 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 217 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 218 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 219 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 220 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 221 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 222 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 223 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 224 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 225 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 226 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 227 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 228 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 229 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 230 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 231 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 232 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 233 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 234 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 235 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 236 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 237 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 238 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 239 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 240 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 241 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 242 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 243 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 244 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 245 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 246 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 247 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 248 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 249 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 250 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 251 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 252 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 253 }; 254 255 #ifndef OPENSSL_NO_EC 256 /* 257 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 258 * structure. 259 */ 260 static const unsigned char kExampleECKeyDER[] = { 261 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 262 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 263 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 264 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 265 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 266 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 267 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 268 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 269 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 270 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 271 0xc1, 272 }; 273 274 /* 275 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 276 * structure. The private key is equal to the order and will fail to import 277 */ 278 static const unsigned char kExampleBadECKeyDER[] = { 279 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 280 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 281 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 282 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 283 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 284 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 285 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 286 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 287 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 288 }; 289 290 /* prime256v1 */ 291 static const unsigned char kExampleECPubKeyDER[] = { 292 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 293 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 294 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 295 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 296 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 297 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 298 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 299 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 300 }; 301 302 /* 303 * kExampleBadECKeyDER is a sample EC public key with a wrong OID 304 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key 305 */ 306 static const unsigned char kExampleBadECPubKeyDER[] = { 307 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 308 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 309 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 310 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 311 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 312 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 313 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 314 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 315 }; 316 317 static const unsigned char pExampleECParamDER[] = { 318 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 319 }; 320 #endif 321 322 typedef struct APK_DATA_st { 323 const unsigned char *kder; 324 size_t size; 325 int evptype; 326 int check; 327 int pub_check; 328 int param_check; 329 int type; /* 0 for private, 1 for public, 2 for params */ 330 } APK_DATA; 331 332 static APK_DATA keydata[] = { 333 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, 334 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, 335 #ifndef OPENSSL_NO_EC 336 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC} 337 #endif 338 }; 339 340 static APK_DATA keycheckdata[] = { 341 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0}, 342 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA, 343 0, -2, -2, 0}, 344 #ifndef OPENSSL_NO_EC 345 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0}, 346 /* group is also associated in our pub key */ 347 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1}, 348 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2} 349 #endif 350 }; 351 352 static EVP_PKEY *load_example_rsa_key(void) 353 { 354 EVP_PKEY *ret = NULL; 355 const unsigned char *derp = kExampleRSAKeyDER; 356 EVP_PKEY *pkey = NULL; 357 RSA *rsa = NULL; 358 359 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER)))) 360 return NULL; 361 362 if (!TEST_ptr(pkey = EVP_PKEY_new()) 363 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa))) 364 goto end; 365 366 ret = pkey; 367 pkey = NULL; 368 369 end: 370 EVP_PKEY_free(pkey); 371 RSA_free(rsa); 372 373 return ret; 374 } 375 376 static int test_EVP_Enveloped(void) 377 { 378 int ret = 0; 379 EVP_CIPHER_CTX *ctx = NULL; 380 EVP_PKEY *keypair = NULL; 381 unsigned char *kek = NULL; 382 unsigned char iv[EVP_MAX_IV_LENGTH]; 383 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 384 int len, kek_len, ciphertext_len, plaintext_len; 385 unsigned char ciphertext[32], plaintext[16]; 386 const EVP_CIPHER *type = EVP_aes_256_cbc(); 387 388 if (!TEST_ptr(keypair = load_example_rsa_key()) 389 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) 390 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 391 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 392 &keypair, 1)) 393 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 394 msg, sizeof(msg))) 395 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 396 &len))) 397 goto err; 398 399 ciphertext_len += len; 400 401 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 402 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 403 ciphertext, ciphertext_len)) 404 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 405 goto err; 406 407 plaintext_len += len; 408 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 409 goto err; 410 411 ret = 1; 412 err: 413 OPENSSL_free(kek); 414 EVP_PKEY_free(keypair); 415 EVP_CIPHER_CTX_free(ctx); 416 return ret; 417 } 418 419 420 static int test_EVP_DigestSignInit(void) 421 { 422 int ret = 0; 423 EVP_PKEY *pkey = NULL; 424 unsigned char *sig = NULL; 425 size_t sig_len = 0; 426 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL; 427 428 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 429 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()) 430 || !TEST_ptr(pkey = load_example_rsa_key())) 431 goto out; 432 433 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 434 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 435 goto out; 436 437 /* Determine the size of the signature. */ 438 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 439 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) 440 goto out; 441 442 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)) 443 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 444 goto out; 445 446 /* Ensure that the signature round-trips. */ 447 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), 448 NULL, pkey)) 449 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, 450 kMsg, sizeof(kMsg))) 451 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) 452 goto out; 453 454 ret = 1; 455 456 out: 457 EVP_MD_CTX_free(md_ctx); 458 EVP_MD_CTX_free(md_ctx_verify); 459 EVP_PKEY_free(pkey); 460 OPENSSL_free(sig); 461 462 return ret; 463 } 464 465 static int test_EVP_DigestVerifyInit(void) 466 { 467 int ret = 0; 468 EVP_PKEY *pkey = NULL; 469 EVP_MD_CTX *md_ctx = NULL; 470 471 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 472 || !TEST_ptr(pkey = load_example_rsa_key())) 473 goto out; 474 475 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 476 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 477 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature, 478 sizeof(kSignature)))) 479 goto out; 480 ret = 1; 481 482 out: 483 EVP_MD_CTX_free(md_ctx); 484 EVP_PKEY_free(pkey); 485 return ret; 486 } 487 488 static int test_d2i_AutoPrivateKey(int i) 489 { 490 int ret = 0; 491 const unsigned char *p; 492 EVP_PKEY *pkey = NULL; 493 const APK_DATA *ak = &keydata[i]; 494 const unsigned char *input = ak->kder; 495 size_t input_len = ak->size; 496 int expected_id = ak->evptype; 497 498 p = input; 499 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 500 || !TEST_ptr_eq(p, input + input_len) 501 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) 502 goto done; 503 504 ret = 1; 505 506 done: 507 EVP_PKEY_free(pkey); 508 return ret; 509 } 510 511 #ifndef OPENSSL_NO_EC 512 /* Tests loading a bad key in PKCS8 format */ 513 static int test_EVP_PKCS82PKEY(void) 514 { 515 int ret = 0; 516 const unsigned char *derp = kExampleBadECKeyDER; 517 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 518 EVP_PKEY *pkey = NULL; 519 520 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 521 sizeof(kExampleBadECKeyDER)))) 522 goto done; 523 524 if (!TEST_ptr_eq(derp, 525 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 526 goto done; 527 528 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 529 goto done; 530 531 ret = 1; 532 533 done: 534 PKCS8_PRIV_KEY_INFO_free(p8inf); 535 EVP_PKEY_free(pkey); 536 537 return ret; 538 } 539 #endif 540 541 #ifndef OPENSSL_NO_SM2 542 543 static int test_EVP_SM2_verify(void) 544 { 545 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */ 546 const char *pubkey = 547 "-----BEGIN PUBLIC KEY-----\n" 548 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n" 549 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n" 550 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n" 551 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n" 552 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n" 553 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n" 554 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n" 555 "-----END PUBLIC KEY-----\n"; 556 557 const char *msg = "message digest"; 558 const char *id = "ALICE123@YAHOO.COM"; 559 560 const uint8_t signature[] = { 561 0x30, 0x44, 0x02, 0x20, 562 563 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC, 564 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2, 565 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1, 566 567 0x02, 0x20, 568 569 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF, 570 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0, 571 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7 572 }; 573 574 int rc = 0; 575 BIO *bio = NULL; 576 EVP_PKEY *pkey = NULL; 577 EVP_MD_CTX *mctx = NULL; 578 EVP_PKEY_CTX *pctx = NULL; 579 580 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 581 if (!TEST_true(bio != NULL)) 582 goto done; 583 584 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); 585 if (!TEST_true(pkey != NULL)) 586 goto done; 587 588 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) 589 goto done; 590 591 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 592 goto done; 593 594 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL))) 595 goto done; 596 597 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id, 598 strlen(id)), 0)) 599 goto done; 600 601 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 602 603 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey))) 604 goto done; 605 606 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 607 goto done; 608 609 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)))) 610 goto done; 611 rc = 1; 612 613 done: 614 BIO_free(bio); 615 EVP_PKEY_free(pkey); 616 EVP_PKEY_CTX_free(pctx); 617 EVP_MD_CTX_free(mctx); 618 return rc; 619 } 620 621 static int test_EVP_SM2(void) 622 { 623 int ret = 0; 624 EVP_PKEY *pkey = NULL; 625 EVP_PKEY *params = NULL; 626 EVP_PKEY_CTX *pctx = NULL; 627 EVP_PKEY_CTX *kctx = NULL; 628 EVP_PKEY_CTX *sctx = NULL; 629 size_t sig_len = 0; 630 unsigned char *sig = NULL; 631 EVP_MD_CTX *md_ctx = NULL; 632 EVP_MD_CTX *md_ctx_verify = NULL; 633 EVP_PKEY_CTX *cctx = NULL; 634 635 uint8_t ciphertext[128]; 636 size_t ctext_len = sizeof(ciphertext); 637 638 uint8_t plaintext[8]; 639 size_t ptext_len = sizeof(plaintext); 640 641 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; 642 643 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 644 if (!TEST_ptr(pctx)) 645 goto done; 646 647 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 648 goto done; 649 650 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2))) 651 goto done; 652 653 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))) 654 goto done; 655 656 kctx = EVP_PKEY_CTX_new(params, NULL); 657 if (!TEST_ptr(kctx)) 658 goto done; 659 660 if (!TEST_true(EVP_PKEY_keygen_init(kctx))) 661 goto done; 662 663 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 664 goto done; 665 666 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) 667 goto done; 668 669 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 670 goto done; 671 672 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 673 goto done; 674 675 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL))) 676 goto done; 677 678 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 679 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 680 681 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 682 goto done; 683 684 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey))) 685 goto done; 686 687 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 688 goto done; 689 690 /* Determine the size of the signature. */ 691 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 692 goto done; 693 694 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) 695 goto done; 696 697 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 698 goto done; 699 700 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 701 goto done; 702 703 /* Ensure that the signature round-trips. */ 704 705 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey))) 706 goto done; 707 708 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 709 goto done; 710 711 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) 712 goto done; 713 714 /* now check encryption/decryption */ 715 716 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL))) 717 goto done; 718 719 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 720 goto done; 721 722 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg)))) 723 goto done; 724 725 if (!TEST_true(EVP_PKEY_decrypt_init(cctx))) 726 goto done; 727 728 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len))) 729 goto done; 730 731 if (!TEST_true(ptext_len == sizeof(kMsg))) 732 goto done; 733 734 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 735 goto done; 736 737 ret = 1; 738 done: 739 EVP_PKEY_CTX_free(pctx); 740 EVP_PKEY_CTX_free(kctx); 741 EVP_PKEY_CTX_free(sctx); 742 EVP_PKEY_CTX_free(cctx); 743 EVP_PKEY_free(pkey); 744 EVP_PKEY_free(params); 745 EVP_MD_CTX_free(md_ctx); 746 EVP_MD_CTX_free(md_ctx_verify); 747 OPENSSL_free(sig); 748 return ret; 749 } 750 751 #endif 752 753 static struct keys_st { 754 int type; 755 char *priv; 756 char *pub; 757 } keys[] = { 758 { 759 EVP_PKEY_HMAC, "0123456789", NULL 760 }, { 761 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL 762 }, { 763 EVP_PKEY_SIPHASH, "0123456789012345", NULL 764 }, 765 #ifndef OPENSSL_NO_EC 766 { 767 EVP_PKEY_X25519, "01234567890123456789012345678901", 768 "abcdefghijklmnopqrstuvwxyzabcdef" 769 }, { 770 EVP_PKEY_ED25519, "01234567890123456789012345678901", 771 "abcdefghijklmnopqrstuvwxyzabcdef" 772 }, { 773 EVP_PKEY_X448, 774 "01234567890123456789012345678901234567890123456789012345", 775 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" 776 }, { 777 EVP_PKEY_ED448, 778 "012345678901234567890123456789012345678901234567890123456", 779 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" 780 } 781 #endif 782 }; 783 784 static int test_set_get_raw_keys_int(int tst, int pub) 785 { 786 int ret = 0; 787 unsigned char buf[80]; 788 unsigned char *in; 789 size_t inlen, len = 0; 790 EVP_PKEY *pkey; 791 792 /* Check if this algorithm supports public keys */ 793 if (keys[tst].pub == NULL) 794 return 1; 795 796 memset(buf, 0, sizeof(buf)); 797 798 if (pub) { 799 inlen = strlen(keys[tst].pub); 800 in = (unsigned char *)keys[tst].pub; 801 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 802 NULL, 803 in, 804 inlen); 805 } else { 806 inlen = strlen(keys[tst].priv); 807 in = (unsigned char *)keys[tst].priv; 808 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 809 NULL, 810 in, 811 inlen); 812 } 813 814 if (!TEST_ptr(pkey) 815 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 816 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 817 || !TEST_true(len == inlen) 818 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 819 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 820 || !TEST_mem_eq(in, inlen, buf, len)) 821 goto done; 822 823 ret = 1; 824 done: 825 EVP_PKEY_free(pkey); 826 return ret; 827 } 828 829 static int test_set_get_raw_keys(int tst) 830 { 831 return test_set_get_raw_keys_int(tst, 0) 832 && test_set_get_raw_keys_int(tst, 1); 833 } 834 835 static int pkey_custom_check(EVP_PKEY *pkey) 836 { 837 return 0xbeef; 838 } 839 840 static int pkey_custom_pub_check(EVP_PKEY *pkey) 841 { 842 return 0xbeef; 843 } 844 845 static int pkey_custom_param_check(EVP_PKEY *pkey) 846 { 847 return 0xbeef; 848 } 849 850 static EVP_PKEY_METHOD *custom_pmeth; 851 852 static int test_EVP_PKEY_check(int i) 853 { 854 int ret = 0; 855 const unsigned char *p; 856 EVP_PKEY *pkey = NULL; 857 #ifndef OPENSSL_NO_EC 858 EC_KEY *eckey = NULL; 859 #endif 860 EVP_PKEY_CTX *ctx = NULL; 861 EVP_PKEY_CTX *ctx2 = NULL; 862 const APK_DATA *ak = &keycheckdata[i]; 863 const unsigned char *input = ak->kder; 864 size_t input_len = ak->size; 865 int expected_id = ak->evptype; 866 int expected_check = ak->check; 867 int expected_pub_check = ak->pub_check; 868 int expected_param_check = ak->param_check; 869 int type = ak->type; 870 BIO *pubkey = NULL; 871 872 p = input; 873 874 switch (type) { 875 case 0: 876 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 877 || !TEST_ptr_eq(p, input + input_len) 878 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) 879 goto done; 880 break; 881 #ifndef OPENSSL_NO_EC 882 case 1: 883 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len)) 884 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL)) 885 || !TEST_ptr(pkey = EVP_PKEY_new()) 886 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 887 goto done; 888 break; 889 case 2: 890 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len)) 891 || !TEST_ptr_eq(p, input + input_len) 892 || !TEST_ptr(pkey = EVP_PKEY_new()) 893 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 894 goto done; 895 break; 896 #endif 897 default: 898 return 0; 899 } 900 901 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) 902 goto done; 903 904 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 905 goto done; 906 907 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 908 goto done; 909 910 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 911 goto done; 912 913 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 914 /* assign the pkey directly, as an internal test */ 915 EVP_PKEY_up_ref(pkey); 916 ctx2->pkey = pkey; 917 918 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 919 goto done; 920 921 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 922 goto done; 923 924 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 925 goto done; 926 927 ret = 1; 928 929 done: 930 EVP_PKEY_CTX_free(ctx); 931 EVP_PKEY_CTX_free(ctx2); 932 EVP_PKEY_free(pkey); 933 BIO_free(pubkey); 934 return ret; 935 } 936 937 static int test_HKDF(void) 938 { 939 EVP_PKEY_CTX *pctx; 940 unsigned char out[20]; 941 size_t outlen; 942 int i, ret = 0; 943 unsigned char salt[] = "0123456789"; 944 unsigned char key[] = "012345678901234567890123456789"; 945 unsigned char info[] = "infostring"; 946 const unsigned char expected[] = { 947 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, 948 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca 949 }; 950 size_t expectedlen = sizeof(expected); 951 952 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))) 953 goto done; 954 955 /* We do this twice to test reuse of the EVP_PKEY_CTX */ 956 for (i = 0; i < 2; i++) { 957 outlen = sizeof(out); 958 memset(out, 0, outlen); 959 960 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 961 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 962 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 963 sizeof(salt) - 1), 0) 964 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 965 sizeof(key) - 1), 0) 966 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 967 sizeof(info) - 1), 0) 968 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 969 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 970 goto done; 971 } 972 973 ret = 1; 974 975 done: 976 EVP_PKEY_CTX_free(pctx); 977 978 return ret; 979 } 980 981 #ifndef OPENSSL_NO_EC 982 static int test_X509_PUBKEY_inplace(void) 983 { 984 int ret = 0; 985 X509_PUBKEY *xp = NULL; 986 const unsigned char *p = kExampleECPubKeyDER; 987 size_t input_len = sizeof(kExampleECPubKeyDER); 988 989 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))) 990 goto done; 991 992 if (!TEST_ptr(X509_PUBKEY_get0(xp))) 993 goto done; 994 995 p = kExampleBadECPubKeyDER; 996 input_len = sizeof(kExampleBadECPubKeyDER); 997 998 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))) 999 goto done; 1000 1001 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL)) 1002 goto done; 1003 1004 ret = 1; 1005 1006 done: 1007 X509_PUBKEY_free(xp); 1008 return ret; 1009 } 1010 #endif 1011 1012 int setup_tests(void) 1013 { 1014 ADD_TEST(test_EVP_DigestSignInit); 1015 ADD_TEST(test_EVP_DigestVerifyInit); 1016 ADD_TEST(test_EVP_Enveloped); 1017 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 1018 #ifndef OPENSSL_NO_EC 1019 ADD_TEST(test_EVP_PKCS82PKEY); 1020 #endif 1021 #ifndef OPENSSL_NO_SM2 1022 ADD_TEST(test_EVP_SM2); 1023 ADD_TEST(test_EVP_SM2_verify); 1024 #endif 1025 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 1026 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 1027 if (!TEST_ptr(custom_pmeth)) 1028 return 0; 1029 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 1030 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 1031 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 1032 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 1033 return 0; 1034 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 1035 ADD_TEST(test_HKDF); 1036 #ifndef OPENSSL_NO_EC 1037 ADD_TEST(test_X509_PUBKEY_inplace); 1038 #endif 1039 return 1; 1040 } 1041