1 /* 2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include <openssl/bio.h> 14 #include <openssl/crypto.h> 15 #include <openssl/err.h> 16 #include <openssl/evp.h> 17 #include <openssl/rsa.h> 18 #include <openssl/x509.h> 19 #include <openssl/pem.h> 20 #include "testutil.h" 21 #include "internal/nelem.h" 22 #include "internal/evp_int.h" 23 24 /* 25 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 26 * should never use this key anywhere but in an example. 27 */ 28 static const unsigned char kExampleRSAKeyDER[] = { 29 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 30 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 31 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 32 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 33 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 34 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 35 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 36 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 37 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 38 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 39 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 40 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 41 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 42 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 43 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 44 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 45 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 46 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 47 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 48 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 49 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 50 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 51 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 52 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 53 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 54 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 55 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 56 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 57 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 58 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 59 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 60 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 61 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 62 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 63 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 64 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 65 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 66 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 67 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 68 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 69 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 70 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 71 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 72 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 73 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 74 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 75 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 76 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 77 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 78 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 79 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 80 }; 81 82 /* 83 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 84 * components are not correct. 85 */ 86 static const unsigned char kExampleBadRSAKeyDER[] = { 87 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 88 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 89 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 90 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 91 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 92 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 93 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 94 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 95 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 96 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 97 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 98 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 99 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 100 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 101 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 102 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 103 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 104 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 105 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 106 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 107 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 108 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 109 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 110 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 111 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 112 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 113 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 114 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 115 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 116 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 117 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 118 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 119 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 120 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 121 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 122 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 123 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 124 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 125 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 126 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 127 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 128 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 129 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 130 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 131 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 132 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 133 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 134 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 135 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 136 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 137 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 138 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 139 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 140 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 141 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 142 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 143 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 144 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 145 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 146 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 147 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 148 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 149 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 150 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 151 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 152 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 153 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 154 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 155 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 156 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 157 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 158 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 159 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 160 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 161 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 162 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 163 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 164 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 165 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 166 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 167 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 168 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 169 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 170 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 171 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 172 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 173 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 174 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 175 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, 176 }; 177 178 static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 179 180 static const unsigned char kSignature[] = { 181 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 182 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 183 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 184 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 185 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 186 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 187 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 188 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 189 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 190 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 191 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, 192 }; 193 194 /* 195 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 196 * PrivateKeyInfo. 197 */ 198 static const unsigned char kExampleRSAKeyPKCS8[] = { 199 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 200 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 201 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 202 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 203 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 204 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 205 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 206 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 207 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 208 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 209 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 210 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 211 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 212 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 213 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 214 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 215 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 216 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 217 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 218 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 219 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 220 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 221 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 222 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 223 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 224 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 225 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 226 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 227 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 228 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 229 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 230 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 231 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 232 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 233 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 234 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 235 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 236 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 237 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 238 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 239 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 240 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 241 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 242 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 243 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 244 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 245 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 246 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 247 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 248 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 249 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 250 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 251 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 252 }; 253 254 #ifndef OPENSSL_NO_EC 255 /* 256 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 257 * structure. 258 */ 259 static const unsigned char kExampleECKeyDER[] = { 260 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 261 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 262 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 263 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 264 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 265 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 266 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 267 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 268 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 269 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 270 0xc1, 271 }; 272 273 /* 274 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 275 * structure. The private key is equal to the order and will fail to import 276 */ 277 static const unsigned char kExampleBadECKeyDER[] = { 278 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 279 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 280 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 281 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 282 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 283 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 284 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 285 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 286 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 287 }; 288 289 /* prime256v1 */ 290 static const unsigned char kExampleECPubKeyDER[] = { 291 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 292 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 293 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 294 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 295 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 296 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 297 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 298 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 299 }; 300 301 static const unsigned char pExampleECParamDER[] = { 302 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 303 }; 304 #endif 305 306 typedef struct APK_DATA_st { 307 const unsigned char *kder; 308 size_t size; 309 int evptype; 310 int check; 311 int pub_check; 312 int param_check; 313 int type; /* 0 for private, 1 for public, 2 for params */ 314 } APK_DATA; 315 316 static APK_DATA keydata[] = { 317 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, 318 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, 319 #ifndef OPENSSL_NO_EC 320 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC} 321 #endif 322 }; 323 324 static APK_DATA keycheckdata[] = { 325 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0}, 326 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA, 327 0, -2, -2, 0}, 328 #ifndef OPENSSL_NO_EC 329 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0}, 330 /* group is also associated in our pub key */ 331 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1}, 332 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2} 333 #endif 334 }; 335 336 static EVP_PKEY *load_example_rsa_key(void) 337 { 338 EVP_PKEY *ret = NULL; 339 const unsigned char *derp = kExampleRSAKeyDER; 340 EVP_PKEY *pkey = NULL; 341 RSA *rsa = NULL; 342 343 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER)))) 344 return NULL; 345 346 if (!TEST_ptr(pkey = EVP_PKEY_new()) 347 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa))) 348 goto end; 349 350 ret = pkey; 351 pkey = NULL; 352 353 end: 354 EVP_PKEY_free(pkey); 355 RSA_free(rsa); 356 357 return ret; 358 } 359 360 static int test_EVP_Enveloped(void) 361 { 362 int ret = 0; 363 EVP_CIPHER_CTX *ctx = NULL; 364 EVP_PKEY *keypair = NULL; 365 unsigned char *kek = NULL; 366 unsigned char iv[EVP_MAX_IV_LENGTH]; 367 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 368 int len, kek_len, ciphertext_len, plaintext_len; 369 unsigned char ciphertext[32], plaintext[16]; 370 const EVP_CIPHER *type = EVP_aes_256_cbc(); 371 372 if (!TEST_ptr(keypair = load_example_rsa_key()) 373 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) 374 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 375 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 376 &keypair, 1)) 377 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 378 msg, sizeof(msg))) 379 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 380 &len))) 381 goto err; 382 383 ciphertext_len += len; 384 385 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 386 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 387 ciphertext, ciphertext_len)) 388 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 389 goto err; 390 391 plaintext_len += len; 392 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 393 goto err; 394 395 ret = 1; 396 err: 397 OPENSSL_free(kek); 398 EVP_PKEY_free(keypair); 399 EVP_CIPHER_CTX_free(ctx); 400 return ret; 401 } 402 403 404 static int test_EVP_DigestSignInit(void) 405 { 406 int ret = 0; 407 EVP_PKEY *pkey = NULL; 408 unsigned char *sig = NULL; 409 size_t sig_len = 0; 410 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL; 411 412 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 413 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()) 414 || !TEST_ptr(pkey = load_example_rsa_key())) 415 goto out; 416 417 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 418 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 419 goto out; 420 421 /* Determine the size of the signature. */ 422 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 423 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) 424 goto out; 425 426 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)) 427 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 428 goto out; 429 430 /* Ensure that the signature round-trips. */ 431 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), 432 NULL, pkey)) 433 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, 434 kMsg, sizeof(kMsg))) 435 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) 436 goto out; 437 438 ret = 1; 439 440 out: 441 EVP_MD_CTX_free(md_ctx); 442 EVP_MD_CTX_free(md_ctx_verify); 443 EVP_PKEY_free(pkey); 444 OPENSSL_free(sig); 445 446 return ret; 447 } 448 449 static int test_EVP_DigestVerifyInit(void) 450 { 451 int ret = 0; 452 EVP_PKEY *pkey = NULL; 453 EVP_MD_CTX *md_ctx = NULL; 454 455 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 456 || !TEST_ptr(pkey = load_example_rsa_key())) 457 goto out; 458 459 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 460 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 461 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature, 462 sizeof(kSignature)))) 463 goto out; 464 ret = 1; 465 466 out: 467 EVP_MD_CTX_free(md_ctx); 468 EVP_PKEY_free(pkey); 469 return ret; 470 } 471 472 static int test_d2i_AutoPrivateKey(int i) 473 { 474 int ret = 0; 475 const unsigned char *p; 476 EVP_PKEY *pkey = NULL; 477 const APK_DATA *ak = &keydata[i]; 478 const unsigned char *input = ak->kder; 479 size_t input_len = ak->size; 480 int expected_id = ak->evptype; 481 482 p = input; 483 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 484 || !TEST_ptr_eq(p, input + input_len) 485 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) 486 goto done; 487 488 ret = 1; 489 490 done: 491 EVP_PKEY_free(pkey); 492 return ret; 493 } 494 495 #ifndef OPENSSL_NO_EC 496 /* Tests loading a bad key in PKCS8 format */ 497 static int test_EVP_PKCS82PKEY(void) 498 { 499 int ret = 0; 500 const unsigned char *derp = kExampleBadECKeyDER; 501 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 502 EVP_PKEY *pkey = NULL; 503 504 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 505 sizeof(kExampleBadECKeyDER)))) 506 goto done; 507 508 if (!TEST_ptr_eq(derp, 509 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 510 goto done; 511 512 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 513 goto done; 514 515 ret = 1; 516 517 done: 518 PKCS8_PRIV_KEY_INFO_free(p8inf); 519 EVP_PKEY_free(pkey); 520 521 return ret; 522 } 523 #endif 524 525 #ifndef OPENSSL_NO_SM2 526 527 static int test_EVP_SM2_verify(void) 528 { 529 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */ 530 const char *pubkey = 531 "-----BEGIN PUBLIC KEY-----\n" 532 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n" 533 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n" 534 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n" 535 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n" 536 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n" 537 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n" 538 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n" 539 "-----END PUBLIC KEY-----\n"; 540 541 const char *msg = "message digest"; 542 const char *id = "ALICE123@YAHOO.COM"; 543 544 const uint8_t signature[] = { 545 0x30, 0x44, 0x02, 0x20, 546 547 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC, 548 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2, 549 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1, 550 551 0x02, 0x20, 552 553 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF, 554 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0, 555 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7 556 }; 557 558 int rc = 0; 559 BIO *bio = NULL; 560 EVP_PKEY *pkey = NULL; 561 EVP_MD_CTX *mctx = NULL; 562 EVP_PKEY_CTX *pctx = NULL; 563 564 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 565 if (!TEST_true(bio != NULL)) 566 goto done; 567 568 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); 569 if (!TEST_true(pkey != NULL)) 570 goto done; 571 572 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) 573 goto done; 574 575 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 576 goto done; 577 578 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL))) 579 goto done; 580 581 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id, 582 strlen(id)), 0)) 583 goto done; 584 585 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 586 587 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey))) 588 goto done; 589 590 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 591 goto done; 592 593 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)))) 594 goto done; 595 rc = 1; 596 597 done: 598 BIO_free(bio); 599 EVP_PKEY_free(pkey); 600 EVP_PKEY_CTX_free(pctx); 601 EVP_MD_CTX_free(mctx); 602 return rc; 603 } 604 605 static int test_EVP_SM2(void) 606 { 607 int ret = 0; 608 EVP_PKEY *pkey = NULL; 609 EVP_PKEY *params = NULL; 610 EVP_PKEY_CTX *pctx = NULL; 611 EVP_PKEY_CTX *kctx = NULL; 612 EVP_PKEY_CTX *sctx = NULL; 613 size_t sig_len = 0; 614 unsigned char *sig = NULL; 615 EVP_MD_CTX *md_ctx = NULL; 616 EVP_MD_CTX *md_ctx_verify = NULL; 617 EVP_PKEY_CTX *cctx = NULL; 618 619 uint8_t ciphertext[128]; 620 size_t ctext_len = sizeof(ciphertext); 621 622 uint8_t plaintext[8]; 623 size_t ptext_len = sizeof(plaintext); 624 625 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; 626 627 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 628 if (!TEST_ptr(pctx)) 629 goto done; 630 631 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 632 goto done; 633 634 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2))) 635 goto done; 636 637 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))) 638 goto done; 639 640 kctx = EVP_PKEY_CTX_new(params, NULL); 641 if (!TEST_ptr(kctx)) 642 goto done; 643 644 if (!TEST_true(EVP_PKEY_keygen_init(kctx))) 645 goto done; 646 647 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 648 goto done; 649 650 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) 651 goto done; 652 653 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 654 goto done; 655 656 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 657 goto done; 658 659 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL))) 660 goto done; 661 662 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 663 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 664 665 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 666 goto done; 667 668 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey))) 669 goto done; 670 671 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 672 goto done; 673 674 /* Determine the size of the signature. */ 675 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 676 goto done; 677 678 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) 679 goto done; 680 681 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 682 goto done; 683 684 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 685 goto done; 686 687 /* Ensure that the signature round-trips. */ 688 689 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey))) 690 goto done; 691 692 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 693 goto done; 694 695 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) 696 goto done; 697 698 /* now check encryption/decryption */ 699 700 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL))) 701 goto done; 702 703 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 704 goto done; 705 706 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg)))) 707 goto done; 708 709 if (!TEST_true(EVP_PKEY_decrypt_init(cctx))) 710 goto done; 711 712 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len))) 713 goto done; 714 715 if (!TEST_true(ptext_len == sizeof(kMsg))) 716 goto done; 717 718 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 719 goto done; 720 721 ret = 1; 722 done: 723 EVP_PKEY_CTX_free(pctx); 724 EVP_PKEY_CTX_free(kctx); 725 EVP_PKEY_CTX_free(sctx); 726 EVP_PKEY_CTX_free(cctx); 727 EVP_PKEY_free(pkey); 728 EVP_PKEY_free(params); 729 EVP_MD_CTX_free(md_ctx); 730 EVP_MD_CTX_free(md_ctx_verify); 731 OPENSSL_free(sig); 732 return ret; 733 } 734 735 #endif 736 737 static struct keys_st { 738 int type; 739 char *priv; 740 char *pub; 741 } keys[] = { 742 { 743 EVP_PKEY_HMAC, "0123456789", NULL 744 }, { 745 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL 746 }, { 747 EVP_PKEY_SIPHASH, "0123456789012345", NULL 748 }, 749 #ifndef OPENSSL_NO_EC 750 { 751 EVP_PKEY_X25519, "01234567890123456789012345678901", 752 "abcdefghijklmnopqrstuvwxyzabcdef" 753 }, { 754 EVP_PKEY_ED25519, "01234567890123456789012345678901", 755 "abcdefghijklmnopqrstuvwxyzabcdef" 756 }, { 757 EVP_PKEY_X448, 758 "01234567890123456789012345678901234567890123456789012345", 759 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" 760 }, { 761 EVP_PKEY_ED448, 762 "012345678901234567890123456789012345678901234567890123456", 763 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" 764 } 765 #endif 766 }; 767 768 static int test_set_get_raw_keys_int(int tst, int pub) 769 { 770 int ret = 0; 771 unsigned char buf[80]; 772 unsigned char *in; 773 size_t inlen, len = 0; 774 EVP_PKEY *pkey; 775 776 /* Check if this algorithm supports public keys */ 777 if (keys[tst].pub == NULL) 778 return 1; 779 780 memset(buf, 0, sizeof(buf)); 781 782 if (pub) { 783 inlen = strlen(keys[tst].pub); 784 in = (unsigned char *)keys[tst].pub; 785 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 786 NULL, 787 in, 788 inlen); 789 } else { 790 inlen = strlen(keys[tst].priv); 791 in = (unsigned char *)keys[tst].priv; 792 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 793 NULL, 794 in, 795 inlen); 796 } 797 798 if (!TEST_ptr(pkey) 799 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 800 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 801 || !TEST_true(len == inlen) 802 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 803 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 804 || !TEST_mem_eq(in, inlen, buf, len)) 805 goto done; 806 807 ret = 1; 808 done: 809 EVP_PKEY_free(pkey); 810 return ret; 811 } 812 813 static int test_set_get_raw_keys(int tst) 814 { 815 return test_set_get_raw_keys_int(tst, 0) 816 && test_set_get_raw_keys_int(tst, 1); 817 } 818 819 static int pkey_custom_check(EVP_PKEY *pkey) 820 { 821 return 0xbeef; 822 } 823 824 static int pkey_custom_pub_check(EVP_PKEY *pkey) 825 { 826 return 0xbeef; 827 } 828 829 static int pkey_custom_param_check(EVP_PKEY *pkey) 830 { 831 return 0xbeef; 832 } 833 834 static EVP_PKEY_METHOD *custom_pmeth; 835 836 static int test_EVP_PKEY_check(int i) 837 { 838 int ret = 0; 839 const unsigned char *p; 840 EVP_PKEY *pkey = NULL; 841 #ifndef OPENSSL_NO_EC 842 EC_KEY *eckey = NULL; 843 #endif 844 EVP_PKEY_CTX *ctx = NULL; 845 EVP_PKEY_CTX *ctx2 = NULL; 846 const APK_DATA *ak = &keycheckdata[i]; 847 const unsigned char *input = ak->kder; 848 size_t input_len = ak->size; 849 int expected_id = ak->evptype; 850 int expected_check = ak->check; 851 int expected_pub_check = ak->pub_check; 852 int expected_param_check = ak->param_check; 853 int type = ak->type; 854 BIO *pubkey = NULL; 855 856 p = input; 857 858 switch (type) { 859 case 0: 860 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 861 || !TEST_ptr_eq(p, input + input_len) 862 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) 863 goto done; 864 break; 865 #ifndef OPENSSL_NO_EC 866 case 1: 867 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len)) 868 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL)) 869 || !TEST_ptr(pkey = EVP_PKEY_new()) 870 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 871 goto done; 872 break; 873 case 2: 874 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len)) 875 || !TEST_ptr_eq(p, input + input_len) 876 || !TEST_ptr(pkey = EVP_PKEY_new()) 877 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 878 goto done; 879 break; 880 #endif 881 default: 882 return 0; 883 } 884 885 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) 886 goto done; 887 888 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 889 goto done; 890 891 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 892 goto done; 893 894 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 895 goto done; 896 897 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 898 /* assign the pkey directly, as an internal test */ 899 EVP_PKEY_up_ref(pkey); 900 ctx2->pkey = pkey; 901 902 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 903 goto done; 904 905 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 906 goto done; 907 908 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 909 goto done; 910 911 ret = 1; 912 913 done: 914 EVP_PKEY_CTX_free(ctx); 915 EVP_PKEY_CTX_free(ctx2); 916 EVP_PKEY_free(pkey); 917 BIO_free(pubkey); 918 return ret; 919 } 920 921 int setup_tests(void) 922 { 923 ADD_TEST(test_EVP_DigestSignInit); 924 ADD_TEST(test_EVP_DigestVerifyInit); 925 ADD_TEST(test_EVP_Enveloped); 926 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 927 #ifndef OPENSSL_NO_EC 928 ADD_TEST(test_EVP_PKCS82PKEY); 929 #endif 930 #ifndef OPENSSL_NO_SM2 931 ADD_TEST(test_EVP_SM2); 932 ADD_TEST(test_EVP_SM2_verify); 933 #endif 934 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 935 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 936 if (!TEST_ptr(custom_pmeth)) 937 return 0; 938 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 939 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 940 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 941 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 942 return 0; 943 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 944 return 1; 945 } 946