1 /* 2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include <openssl/bio.h> 14 #include <openssl/crypto.h> 15 #include <openssl/err.h> 16 #include <openssl/evp.h> 17 #include <openssl/rsa.h> 18 #include <openssl/x509.h> 19 #include <openssl/pem.h> 20 #include <openssl/kdf.h> 21 #include "testutil.h" 22 #include "internal/nelem.h" 23 #include "internal/evp_int.h" 24 25 /* 26 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 27 * should never use this key anywhere but in an example. 28 */ 29 static const unsigned char kExampleRSAKeyDER[] = { 30 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 31 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 32 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 33 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 34 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 35 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 36 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 37 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 38 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 39 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 40 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 41 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 42 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 43 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 44 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 45 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 46 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 47 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 48 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 49 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 50 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 51 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 52 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 53 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 54 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 55 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 56 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 57 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 58 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 59 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 60 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 61 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 62 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 63 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 64 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 65 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 66 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 67 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 68 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 69 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 70 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 71 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 72 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 73 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 74 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 75 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 76 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 77 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 78 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 79 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 80 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 81 }; 82 83 /* 84 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 85 * components are not correct. 86 */ 87 static const unsigned char kExampleBadRSAKeyDER[] = { 88 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 89 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 90 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 91 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 92 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 93 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 94 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 95 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 96 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 97 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 98 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 99 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 100 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 101 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 102 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 103 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 104 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 105 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 106 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 107 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 108 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 109 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 110 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 111 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 112 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 113 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 114 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 115 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 116 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 117 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 118 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 119 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 120 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 121 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 122 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 123 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 124 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 125 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 126 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 127 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 128 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 129 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 130 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 131 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 132 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 133 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 134 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 135 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 136 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 137 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 138 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 139 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 140 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 141 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 142 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 143 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 144 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 145 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 146 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 147 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 148 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 149 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 150 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 151 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 152 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 153 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 154 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 155 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 156 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 157 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 158 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 159 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 160 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 161 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 162 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 163 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 164 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 165 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 166 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 167 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 168 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 169 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 170 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 171 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 172 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 173 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 174 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 175 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 176 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, 177 }; 178 179 static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 180 181 static const unsigned char kSignature[] = { 182 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 183 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 184 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 185 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 186 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 187 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 188 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 189 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 190 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 191 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 192 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, 193 }; 194 195 /* 196 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 197 * PrivateKeyInfo. 198 */ 199 static const unsigned char kExampleRSAKeyPKCS8[] = { 200 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 201 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 202 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 203 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 204 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 205 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 206 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 207 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 208 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 209 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 210 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 211 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 212 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 213 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 214 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 215 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 216 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 217 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 218 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 219 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 220 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 221 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 222 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 223 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 224 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 225 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 226 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 227 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 228 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 229 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 230 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 231 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 232 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 233 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 234 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 235 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 236 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 237 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 238 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 239 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 240 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 241 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 242 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 243 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 244 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 245 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 246 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 247 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 248 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 249 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 250 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 251 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 252 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 253 }; 254 255 #ifndef OPENSSL_NO_EC 256 /* 257 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 258 * structure. 259 */ 260 static const unsigned char kExampleECKeyDER[] = { 261 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 262 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 263 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 264 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 265 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 266 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 267 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 268 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 269 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 270 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 271 0xc1, 272 }; 273 274 /* 275 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 276 * structure. The private key is equal to the order and will fail to import 277 */ 278 static const unsigned char kExampleBadECKeyDER[] = { 279 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 280 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 281 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 282 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 283 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 284 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 285 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 286 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 287 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 288 }; 289 290 /* prime256v1 */ 291 static const unsigned char kExampleECPubKeyDER[] = { 292 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 293 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 294 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 295 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 296 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 297 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 298 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 299 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 300 }; 301 302 static const unsigned char pExampleECParamDER[] = { 303 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 304 }; 305 #endif 306 307 typedef struct APK_DATA_st { 308 const unsigned char *kder; 309 size_t size; 310 int evptype; 311 int check; 312 int pub_check; 313 int param_check; 314 int type; /* 0 for private, 1 for public, 2 for params */ 315 } APK_DATA; 316 317 static APK_DATA keydata[] = { 318 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, 319 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, 320 #ifndef OPENSSL_NO_EC 321 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC} 322 #endif 323 }; 324 325 static APK_DATA keycheckdata[] = { 326 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0}, 327 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA, 328 0, -2, -2, 0}, 329 #ifndef OPENSSL_NO_EC 330 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0}, 331 /* group is also associated in our pub key */ 332 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1}, 333 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2} 334 #endif 335 }; 336 337 static EVP_PKEY *load_example_rsa_key(void) 338 { 339 EVP_PKEY *ret = NULL; 340 const unsigned char *derp = kExampleRSAKeyDER; 341 EVP_PKEY *pkey = NULL; 342 RSA *rsa = NULL; 343 344 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER)))) 345 return NULL; 346 347 if (!TEST_ptr(pkey = EVP_PKEY_new()) 348 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa))) 349 goto end; 350 351 ret = pkey; 352 pkey = NULL; 353 354 end: 355 EVP_PKEY_free(pkey); 356 RSA_free(rsa); 357 358 return ret; 359 } 360 361 static int test_EVP_Enveloped(void) 362 { 363 int ret = 0; 364 EVP_CIPHER_CTX *ctx = NULL; 365 EVP_PKEY *keypair = NULL; 366 unsigned char *kek = NULL; 367 unsigned char iv[EVP_MAX_IV_LENGTH]; 368 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 369 int len, kek_len, ciphertext_len, plaintext_len; 370 unsigned char ciphertext[32], plaintext[16]; 371 const EVP_CIPHER *type = EVP_aes_256_cbc(); 372 373 if (!TEST_ptr(keypair = load_example_rsa_key()) 374 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) 375 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 376 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 377 &keypair, 1)) 378 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 379 msg, sizeof(msg))) 380 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 381 &len))) 382 goto err; 383 384 ciphertext_len += len; 385 386 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 387 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 388 ciphertext, ciphertext_len)) 389 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 390 goto err; 391 392 plaintext_len += len; 393 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 394 goto err; 395 396 ret = 1; 397 err: 398 OPENSSL_free(kek); 399 EVP_PKEY_free(keypair); 400 EVP_CIPHER_CTX_free(ctx); 401 return ret; 402 } 403 404 405 static int test_EVP_DigestSignInit(void) 406 { 407 int ret = 0; 408 EVP_PKEY *pkey = NULL; 409 unsigned char *sig = NULL; 410 size_t sig_len = 0; 411 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL; 412 413 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 414 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()) 415 || !TEST_ptr(pkey = load_example_rsa_key())) 416 goto out; 417 418 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 419 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 420 goto out; 421 422 /* Determine the size of the signature. */ 423 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 424 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) 425 goto out; 426 427 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)) 428 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 429 goto out; 430 431 /* Ensure that the signature round-trips. */ 432 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), 433 NULL, pkey)) 434 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, 435 kMsg, sizeof(kMsg))) 436 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) 437 goto out; 438 439 ret = 1; 440 441 out: 442 EVP_MD_CTX_free(md_ctx); 443 EVP_MD_CTX_free(md_ctx_verify); 444 EVP_PKEY_free(pkey); 445 OPENSSL_free(sig); 446 447 return ret; 448 } 449 450 static int test_EVP_DigestVerifyInit(void) 451 { 452 int ret = 0; 453 EVP_PKEY *pkey = NULL; 454 EVP_MD_CTX *md_ctx = NULL; 455 456 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 457 || !TEST_ptr(pkey = load_example_rsa_key())) 458 goto out; 459 460 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 461 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 462 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature, 463 sizeof(kSignature)))) 464 goto out; 465 ret = 1; 466 467 out: 468 EVP_MD_CTX_free(md_ctx); 469 EVP_PKEY_free(pkey); 470 return ret; 471 } 472 473 static int test_d2i_AutoPrivateKey(int i) 474 { 475 int ret = 0; 476 const unsigned char *p; 477 EVP_PKEY *pkey = NULL; 478 const APK_DATA *ak = &keydata[i]; 479 const unsigned char *input = ak->kder; 480 size_t input_len = ak->size; 481 int expected_id = ak->evptype; 482 483 p = input; 484 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 485 || !TEST_ptr_eq(p, input + input_len) 486 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) 487 goto done; 488 489 ret = 1; 490 491 done: 492 EVP_PKEY_free(pkey); 493 return ret; 494 } 495 496 #ifndef OPENSSL_NO_EC 497 /* Tests loading a bad key in PKCS8 format */ 498 static int test_EVP_PKCS82PKEY(void) 499 { 500 int ret = 0; 501 const unsigned char *derp = kExampleBadECKeyDER; 502 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 503 EVP_PKEY *pkey = NULL; 504 505 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 506 sizeof(kExampleBadECKeyDER)))) 507 goto done; 508 509 if (!TEST_ptr_eq(derp, 510 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 511 goto done; 512 513 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 514 goto done; 515 516 ret = 1; 517 518 done: 519 PKCS8_PRIV_KEY_INFO_free(p8inf); 520 EVP_PKEY_free(pkey); 521 522 return ret; 523 } 524 #endif 525 526 #ifndef OPENSSL_NO_SM2 527 528 static int test_EVP_SM2_verify(void) 529 { 530 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */ 531 const char *pubkey = 532 "-----BEGIN PUBLIC KEY-----\n" 533 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n" 534 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n" 535 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n" 536 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n" 537 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n" 538 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n" 539 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n" 540 "-----END PUBLIC KEY-----\n"; 541 542 const char *msg = "message digest"; 543 const char *id = "ALICE123@YAHOO.COM"; 544 545 const uint8_t signature[] = { 546 0x30, 0x44, 0x02, 0x20, 547 548 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC, 549 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2, 550 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1, 551 552 0x02, 0x20, 553 554 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF, 555 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0, 556 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7 557 }; 558 559 int rc = 0; 560 BIO *bio = NULL; 561 EVP_PKEY *pkey = NULL; 562 EVP_MD_CTX *mctx = NULL; 563 EVP_PKEY_CTX *pctx = NULL; 564 565 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 566 if (!TEST_true(bio != NULL)) 567 goto done; 568 569 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); 570 if (!TEST_true(pkey != NULL)) 571 goto done; 572 573 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) 574 goto done; 575 576 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 577 goto done; 578 579 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL))) 580 goto done; 581 582 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id, 583 strlen(id)), 0)) 584 goto done; 585 586 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 587 588 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey))) 589 goto done; 590 591 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 592 goto done; 593 594 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)))) 595 goto done; 596 rc = 1; 597 598 done: 599 BIO_free(bio); 600 EVP_PKEY_free(pkey); 601 EVP_PKEY_CTX_free(pctx); 602 EVP_MD_CTX_free(mctx); 603 return rc; 604 } 605 606 static int test_EVP_SM2(void) 607 { 608 int ret = 0; 609 EVP_PKEY *pkey = NULL; 610 EVP_PKEY *params = NULL; 611 EVP_PKEY_CTX *pctx = NULL; 612 EVP_PKEY_CTX *kctx = NULL; 613 EVP_PKEY_CTX *sctx = NULL; 614 size_t sig_len = 0; 615 unsigned char *sig = NULL; 616 EVP_MD_CTX *md_ctx = NULL; 617 EVP_MD_CTX *md_ctx_verify = NULL; 618 EVP_PKEY_CTX *cctx = NULL; 619 620 uint8_t ciphertext[128]; 621 size_t ctext_len = sizeof(ciphertext); 622 623 uint8_t plaintext[8]; 624 size_t ptext_len = sizeof(plaintext); 625 626 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; 627 628 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 629 if (!TEST_ptr(pctx)) 630 goto done; 631 632 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 633 goto done; 634 635 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2))) 636 goto done; 637 638 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))) 639 goto done; 640 641 kctx = EVP_PKEY_CTX_new(params, NULL); 642 if (!TEST_ptr(kctx)) 643 goto done; 644 645 if (!TEST_true(EVP_PKEY_keygen_init(kctx))) 646 goto done; 647 648 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 649 goto done; 650 651 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) 652 goto done; 653 654 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 655 goto done; 656 657 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 658 goto done; 659 660 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL))) 661 goto done; 662 663 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 664 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 665 666 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 667 goto done; 668 669 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey))) 670 goto done; 671 672 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 673 goto done; 674 675 /* Determine the size of the signature. */ 676 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 677 goto done; 678 679 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) 680 goto done; 681 682 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 683 goto done; 684 685 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 686 goto done; 687 688 /* Ensure that the signature round-trips. */ 689 690 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey))) 691 goto done; 692 693 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 694 goto done; 695 696 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) 697 goto done; 698 699 /* now check encryption/decryption */ 700 701 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL))) 702 goto done; 703 704 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 705 goto done; 706 707 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg)))) 708 goto done; 709 710 if (!TEST_true(EVP_PKEY_decrypt_init(cctx))) 711 goto done; 712 713 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len))) 714 goto done; 715 716 if (!TEST_true(ptext_len == sizeof(kMsg))) 717 goto done; 718 719 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 720 goto done; 721 722 ret = 1; 723 done: 724 EVP_PKEY_CTX_free(pctx); 725 EVP_PKEY_CTX_free(kctx); 726 EVP_PKEY_CTX_free(sctx); 727 EVP_PKEY_CTX_free(cctx); 728 EVP_PKEY_free(pkey); 729 EVP_PKEY_free(params); 730 EVP_MD_CTX_free(md_ctx); 731 EVP_MD_CTX_free(md_ctx_verify); 732 OPENSSL_free(sig); 733 return ret; 734 } 735 736 #endif 737 738 static struct keys_st { 739 int type; 740 char *priv; 741 char *pub; 742 } keys[] = { 743 { 744 EVP_PKEY_HMAC, "0123456789", NULL 745 }, { 746 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL 747 }, { 748 EVP_PKEY_SIPHASH, "0123456789012345", NULL 749 }, 750 #ifndef OPENSSL_NO_EC 751 { 752 EVP_PKEY_X25519, "01234567890123456789012345678901", 753 "abcdefghijklmnopqrstuvwxyzabcdef" 754 }, { 755 EVP_PKEY_ED25519, "01234567890123456789012345678901", 756 "abcdefghijklmnopqrstuvwxyzabcdef" 757 }, { 758 EVP_PKEY_X448, 759 "01234567890123456789012345678901234567890123456789012345", 760 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" 761 }, { 762 EVP_PKEY_ED448, 763 "012345678901234567890123456789012345678901234567890123456", 764 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" 765 } 766 #endif 767 }; 768 769 static int test_set_get_raw_keys_int(int tst, int pub) 770 { 771 int ret = 0; 772 unsigned char buf[80]; 773 unsigned char *in; 774 size_t inlen, len = 0; 775 EVP_PKEY *pkey; 776 777 /* Check if this algorithm supports public keys */ 778 if (keys[tst].pub == NULL) 779 return 1; 780 781 memset(buf, 0, sizeof(buf)); 782 783 if (pub) { 784 inlen = strlen(keys[tst].pub); 785 in = (unsigned char *)keys[tst].pub; 786 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 787 NULL, 788 in, 789 inlen); 790 } else { 791 inlen = strlen(keys[tst].priv); 792 in = (unsigned char *)keys[tst].priv; 793 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 794 NULL, 795 in, 796 inlen); 797 } 798 799 if (!TEST_ptr(pkey) 800 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 801 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 802 || !TEST_true(len == inlen) 803 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 804 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 805 || !TEST_mem_eq(in, inlen, buf, len)) 806 goto done; 807 808 ret = 1; 809 done: 810 EVP_PKEY_free(pkey); 811 return ret; 812 } 813 814 static int test_set_get_raw_keys(int tst) 815 { 816 return test_set_get_raw_keys_int(tst, 0) 817 && test_set_get_raw_keys_int(tst, 1); 818 } 819 820 static int pkey_custom_check(EVP_PKEY *pkey) 821 { 822 return 0xbeef; 823 } 824 825 static int pkey_custom_pub_check(EVP_PKEY *pkey) 826 { 827 return 0xbeef; 828 } 829 830 static int pkey_custom_param_check(EVP_PKEY *pkey) 831 { 832 return 0xbeef; 833 } 834 835 static EVP_PKEY_METHOD *custom_pmeth; 836 837 static int test_EVP_PKEY_check(int i) 838 { 839 int ret = 0; 840 const unsigned char *p; 841 EVP_PKEY *pkey = NULL; 842 #ifndef OPENSSL_NO_EC 843 EC_KEY *eckey = NULL; 844 #endif 845 EVP_PKEY_CTX *ctx = NULL; 846 EVP_PKEY_CTX *ctx2 = NULL; 847 const APK_DATA *ak = &keycheckdata[i]; 848 const unsigned char *input = ak->kder; 849 size_t input_len = ak->size; 850 int expected_id = ak->evptype; 851 int expected_check = ak->check; 852 int expected_pub_check = ak->pub_check; 853 int expected_param_check = ak->param_check; 854 int type = ak->type; 855 BIO *pubkey = NULL; 856 857 p = input; 858 859 switch (type) { 860 case 0: 861 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 862 || !TEST_ptr_eq(p, input + input_len) 863 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) 864 goto done; 865 break; 866 #ifndef OPENSSL_NO_EC 867 case 1: 868 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len)) 869 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL)) 870 || !TEST_ptr(pkey = EVP_PKEY_new()) 871 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 872 goto done; 873 break; 874 case 2: 875 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len)) 876 || !TEST_ptr_eq(p, input + input_len) 877 || !TEST_ptr(pkey = EVP_PKEY_new()) 878 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 879 goto done; 880 break; 881 #endif 882 default: 883 return 0; 884 } 885 886 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) 887 goto done; 888 889 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 890 goto done; 891 892 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 893 goto done; 894 895 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 896 goto done; 897 898 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 899 /* assign the pkey directly, as an internal test */ 900 EVP_PKEY_up_ref(pkey); 901 ctx2->pkey = pkey; 902 903 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 904 goto done; 905 906 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 907 goto done; 908 909 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 910 goto done; 911 912 ret = 1; 913 914 done: 915 EVP_PKEY_CTX_free(ctx); 916 EVP_PKEY_CTX_free(ctx2); 917 EVP_PKEY_free(pkey); 918 BIO_free(pubkey); 919 return ret; 920 } 921 922 static int test_HKDF(void) 923 { 924 EVP_PKEY_CTX *pctx; 925 unsigned char out[20]; 926 size_t outlen; 927 int i, ret = 0; 928 unsigned char salt[] = "0123456789"; 929 unsigned char key[] = "012345678901234567890123456789"; 930 unsigned char info[] = "infostring"; 931 const unsigned char expected[] = { 932 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, 933 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca 934 }; 935 size_t expectedlen = sizeof(expected); 936 937 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))) 938 goto done; 939 940 /* We do this twice to test reuse of the EVP_PKEY_CTX */ 941 for (i = 0; i < 2; i++) { 942 outlen = sizeof(out); 943 memset(out, 0, outlen); 944 945 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 946 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 947 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 948 sizeof(salt) - 1), 0) 949 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 950 sizeof(key) - 1), 0) 951 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 952 sizeof(info) - 1), 0) 953 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 954 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 955 goto done; 956 } 957 958 ret = 1; 959 960 done: 961 EVP_PKEY_CTX_free(pctx); 962 963 return ret; 964 } 965 966 int setup_tests(void) 967 { 968 ADD_TEST(test_EVP_DigestSignInit); 969 ADD_TEST(test_EVP_DigestVerifyInit); 970 ADD_TEST(test_EVP_Enveloped); 971 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 972 #ifndef OPENSSL_NO_EC 973 ADD_TEST(test_EVP_PKCS82PKEY); 974 #endif 975 #ifndef OPENSSL_NO_SM2 976 ADD_TEST(test_EVP_SM2); 977 ADD_TEST(test_EVP_SM2_verify); 978 #endif 979 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 980 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 981 if (!TEST_ptr(custom_pmeth)) 982 return 0; 983 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 984 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 985 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 986 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 987 return 0; 988 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 989 ADD_TEST(test_HKDF); 990 return 1; 991 } 992