1 /* 2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include <openssl/aes.h> 14 #include <openssl/bio.h> 15 #include <openssl/crypto.h> 16 #include <openssl/err.h> 17 #include <openssl/evp.h> 18 #include <openssl/rsa.h> 19 #include <openssl/x509.h> 20 #include <openssl/pem.h> 21 #include <openssl/kdf.h> 22 #include <openssl/dh.h> 23 #include <openssl/engine.h> 24 #include "testutil.h" 25 #include "internal/nelem.h" 26 #include "crypto/evp.h" 27 28 /* 29 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 30 * should never use this key anywhere but in an example. 31 */ 32 static const unsigned char kExampleRSAKeyDER[] = { 33 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 34 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 35 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 36 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 37 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 38 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 39 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 40 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 41 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 42 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 43 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 44 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 45 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 46 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 47 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 48 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 49 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 50 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 51 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 52 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 53 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 54 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 55 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 56 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 57 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 58 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 59 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 60 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 61 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 62 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 63 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 64 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 65 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 66 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 67 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 68 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 69 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 70 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 71 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 72 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 73 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 74 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 75 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 76 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 77 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 78 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 79 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 80 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 81 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 82 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 83 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 84 }; 85 86 /* 87 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 88 * components are not correct. 89 */ 90 static const unsigned char kExampleBadRSAKeyDER[] = { 91 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 92 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 93 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 94 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 95 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 96 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 97 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 98 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 99 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 100 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 101 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 102 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 103 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 104 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 105 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 106 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 107 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 108 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 109 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 110 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 111 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 112 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 113 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 114 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 115 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 116 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 117 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 118 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 119 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 120 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 121 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 122 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 123 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 124 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 125 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 126 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 127 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 128 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 129 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 130 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 131 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 132 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 133 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 134 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 135 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 136 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 137 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 138 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 139 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 140 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 141 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 142 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 143 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 144 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 145 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 146 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 147 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 148 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 149 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 150 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 151 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 152 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 153 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 154 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 155 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 156 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 157 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 158 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 159 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 160 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 161 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 162 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 163 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 164 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 165 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 166 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 167 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 168 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 169 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 170 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 171 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 172 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 173 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 174 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 175 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 176 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 177 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 178 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 179 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, 180 }; 181 182 static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 183 184 static const unsigned char kSignature[] = { 185 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 186 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 187 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 188 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 189 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 190 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 191 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 192 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 193 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 194 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 195 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, 196 }; 197 198 /* 199 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 200 * PrivateKeyInfo. 201 */ 202 static const unsigned char kExampleRSAKeyPKCS8[] = { 203 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 204 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 205 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 206 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 207 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 208 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 209 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 210 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 211 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 212 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 213 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 214 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 215 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 216 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 217 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 218 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 219 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 220 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 221 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 222 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 223 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 224 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 225 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 226 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 227 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 228 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 229 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 230 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 231 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 232 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 233 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 234 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 235 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 236 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 237 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 238 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 239 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 240 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 241 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 242 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 243 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 244 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 245 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 246 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 247 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 248 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 249 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 250 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 251 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 252 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 253 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 254 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 255 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 256 }; 257 258 #ifndef OPENSSL_NO_EC 259 /* 260 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 261 * structure. 262 */ 263 static const unsigned char kExampleECKeyDER[] = { 264 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 265 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 266 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 267 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 268 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 269 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 270 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 271 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 272 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 273 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 274 0xc1, 275 }; 276 277 /* 278 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 279 * structure. The private key is equal to the order and will fail to import 280 */ 281 static const unsigned char kExampleBadECKeyDER[] = { 282 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 283 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 284 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 285 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 286 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 287 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 288 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 289 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 290 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 291 }; 292 293 /* prime256v1 */ 294 static const unsigned char kExampleECPubKeyDER[] = { 295 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 296 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 297 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 298 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 299 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 300 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 301 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 302 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 303 }; 304 305 /* 306 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID 307 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key 308 */ 309 static const unsigned char kExampleBadECPubKeyDER[] = { 310 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 311 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 312 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 313 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 314 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 315 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 316 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 317 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 318 }; 319 320 static const unsigned char pExampleECParamDER[] = { 321 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 322 }; 323 #endif 324 325 static const unsigned char kCFBDefaultKey[] = { 326 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 327 0x09, 0xCF, 0x4F, 0x3C 328 }; 329 330 static const unsigned char kGCMDefaultKey[32] = { 0 }; 331 332 static const unsigned char kGCMResetKey[] = { 333 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 334 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 335 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 336 }; 337 338 static const unsigned char iCFBIV[] = { 339 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 340 0x0C, 0x0D, 0x0E, 0x0F 341 }; 342 343 static const unsigned char iGCMDefaultIV[12] = { 0 }; 344 345 static const unsigned char iGCMResetIV1[] = { 346 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 347 }; 348 349 static const unsigned char iGCMResetIV2[] = { 350 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 351 }; 352 353 static const unsigned char cfbPlaintext[] = { 354 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 355 0x73, 0x93, 0x17, 0x2A 356 }; 357 358 static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 359 360 static const unsigned char gcmResetPlaintext[] = { 361 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 362 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 363 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 364 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 365 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 366 }; 367 368 static const unsigned char cfbCiphertext[] = { 369 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 370 0xE8, 0x3C, 0xFB, 0x4A 371 }; 372 373 static const unsigned char gcmDefaultCiphertext[] = { 374 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 375 0xba, 0xf3, 0x9d, 0x18 376 }; 377 378 static const unsigned char gcmResetCiphertext1[] = { 379 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, 380 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 381 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, 382 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 383 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f 384 }; 385 386 static const unsigned char gcmResetCiphertext2[] = { 387 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, 388 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 389 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, 390 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 391 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 392 }; 393 394 static const unsigned char gcmAAD[] = { 395 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 396 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 397 }; 398 399 static const unsigned char gcmDefaultTag[] = { 400 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, 401 0xd4, 0x8a, 0xb9, 0x19 402 }; 403 404 static const unsigned char gcmResetTag1[] = { 405 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, 406 0xfe, 0x2e, 0xa8, 0xf2 407 }; 408 409 static const unsigned char gcmResetTag2[] = { 410 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, 411 0xbb, 0x2d, 0x55, 0x1b 412 }; 413 414 415 typedef struct APK_DATA_st { 416 const unsigned char *kder; 417 size_t size; 418 int evptype; 419 int check; 420 int pub_check; 421 int param_check; 422 int type; /* 0 for private, 1 for public, 2 for params */ 423 } APK_DATA; 424 425 typedef struct { 426 const char *cipher; 427 const unsigned char *key; 428 const unsigned char *iv; 429 const unsigned char *input; 430 const unsigned char *expected; 431 const unsigned char *tag; 432 size_t ivlen; /* 0 if we do not need to set a specific IV len */ 433 size_t inlen; 434 size_t expectedlen; 435 size_t taglen; 436 int keyfirst; 437 int initenc; 438 int finalenc; 439 } EVP_INIT_TEST_st; 440 441 static const EVP_INIT_TEST_st evp_init_tests[] = { 442 { 443 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 444 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 445 0, 1, 0, 1 446 }, 447 { 448 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 449 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 450 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 451 sizeof(gcmDefaultTag), 1, 0, 1 452 }, 453 { 454 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 455 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 456 0, 0, 0, 1 457 }, 458 { 459 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 460 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 461 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 462 sizeof(gcmDefaultTag), 0, 0, 1 463 }, 464 { 465 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 466 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 467 0, 1, 1, 0 468 }, 469 { 470 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 471 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 472 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 473 sizeof(gcmDefaultTag), 1, 1, 0 474 }, 475 { 476 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 477 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 478 0, 0, 1, 0 479 }, 480 { 481 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 482 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 483 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 484 sizeof(gcmDefaultTag), 0, 1, 0 485 } 486 }; 487 488 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) 489 { 490 int res = 0; 491 492 if (t->ivlen != 0) { 493 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL))) 494 goto err; 495 } 496 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) 497 goto err; 498 res = 1; 499 err: 500 return res; 501 } 502 503 /* 504 * Test step-wise cipher initialization via EVP_CipherInit_ex where the 505 * arguments are given one at a time and a final adjustment to the enc 506 * parameter sets the correct operation. 507 */ 508 static int test_evp_init_seq(int idx) 509 { 510 int outlen1, outlen2; 511 int testresult = 0; 512 unsigned char outbuf[1024]; 513 unsigned char tag[16]; 514 const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; 515 EVP_CIPHER_CTX *ctx = NULL; 516 const EVP_CIPHER *type = NULL; 517 size_t taglen = sizeof(tag); 518 char *errmsg = NULL; 519 520 ctx = EVP_CIPHER_CTX_new(); 521 if (ctx == NULL) { 522 errmsg = "CTX_ALLOC"; 523 goto err; 524 } 525 if (!TEST_ptr(type = EVP_get_cipherbyname(t->cipher))) { 526 errmsg = "GET_CIPHERBYNAME"; 527 goto err; 528 } 529 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { 530 errmsg = "EMPTY_ENC_INIT"; 531 goto err; 532 } 533 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 534 errmsg = "PADDING"; 535 goto err; 536 } 537 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 538 errmsg = "KEY_INIT (before iv)"; 539 goto err; 540 } 541 if (!evp_init_seq_set_iv(ctx, t)) { 542 errmsg = "IV_INIT"; 543 goto err; 544 } 545 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 546 errmsg = "KEY_INIT (after iv)"; 547 goto err; 548 } 549 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { 550 errmsg = "FINAL_ENC_INIT"; 551 goto err; 552 } 553 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 554 errmsg = "CIPHER_UPDATE"; 555 goto err; 556 } 557 if (t->finalenc == 0 && t->tag != NULL) { 558 /* Set expected tag */ 559 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 560 t->taglen, (void *)t->tag))) { 561 errmsg = "SET_TAG"; 562 goto err; 563 } 564 } 565 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 566 errmsg = "CIPHER_FINAL"; 567 goto err; 568 } 569 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 570 errmsg = "WRONG_RESULT"; 571 goto err; 572 } 573 if (t->finalenc != 0 && t->tag != NULL) { 574 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { 575 errmsg = "GET_TAG"; 576 goto err; 577 } 578 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { 579 errmsg = "TAG_ERROR"; 580 goto err; 581 } 582 } 583 testresult = 1; 584 err: 585 if (errmsg != NULL) 586 TEST_info("evp_init_test %d: %s", idx, errmsg); 587 EVP_CIPHER_CTX_free(ctx); 588 return testresult; 589 } 590 591 typedef struct { 592 const unsigned char *input; 593 const unsigned char *expected; 594 size_t inlen; 595 size_t expectedlen; 596 int enc; 597 } EVP_RESET_TEST_st; 598 599 static const EVP_RESET_TEST_st evp_reset_tests[] = { 600 { 601 cfbPlaintext, cfbCiphertext, 602 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 603 }, 604 { 605 cfbCiphertext, cfbPlaintext, 606 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 607 } 608 }; 609 610 /* 611 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already 612 * been used. 613 */ 614 static int test_evp_reset(int idx) 615 { 616 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; 617 int outlen1, outlen2; 618 int testresult = 0; 619 unsigned char outbuf[1024]; 620 EVP_CIPHER_CTX *ctx = NULL; 621 const EVP_CIPHER *type = NULL; 622 char *errmsg = NULL; 623 624 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 625 errmsg = "CTX_ALLOC"; 626 goto err; 627 } 628 if (!TEST_ptr(type = EVP_get_cipherbyname("aes-128-cfb"))) { 629 errmsg = "GET_CIPHERBYNAME"; 630 goto err; 631 } 632 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 633 errmsg = "CIPHER_INIT"; 634 goto err; 635 } 636 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 637 errmsg = "PADDING"; 638 goto err; 639 } 640 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 641 errmsg = "CIPHER_UPDATE"; 642 goto err; 643 } 644 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 645 errmsg = "CIPHER_FINAL"; 646 goto err; 647 } 648 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 649 errmsg = "WRONG_RESULT"; 650 goto err; 651 } 652 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { 653 errmsg = "CIPHER_REINIT"; 654 goto err; 655 } 656 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 657 errmsg = "CIPHER_UPDATE (reinit)"; 658 goto err; 659 } 660 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 661 errmsg = "CIPHER_FINAL (reinit)"; 662 goto err; 663 } 664 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 665 errmsg = "WRONG_RESULT (reinit)"; 666 goto err; 667 } 668 testresult = 1; 669 err: 670 if (errmsg != NULL) 671 TEST_info("test_evp_reset %d: %s", idx, errmsg); 672 EVP_CIPHER_CTX_free(ctx); 673 return testresult; 674 } 675 676 typedef struct { 677 const unsigned char *iv1; 678 const unsigned char *iv2; 679 const unsigned char *expected1; 680 const unsigned char *expected2; 681 const unsigned char *tag1; 682 const unsigned char *tag2; 683 size_t ivlen1; 684 size_t ivlen2; 685 size_t expectedlen1; 686 size_t expectedlen2; 687 } TEST_GCM_IV_REINIT_st; 688 689 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { 690 { 691 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, 692 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), 693 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) 694 }, 695 { 696 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, 697 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), 698 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) 699 } 700 }; 701 702 static int test_gcm_reinit(int idx) 703 { 704 int outlen1, outlen2, outlen3; 705 int testresult = 0; 706 unsigned char outbuf[1024]; 707 unsigned char tag[16]; 708 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; 709 EVP_CIPHER_CTX *ctx = NULL; 710 const EVP_CIPHER *type = NULL; 711 size_t taglen = sizeof(tag); 712 char *errmsg = NULL; 713 714 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 715 errmsg = "CTX_ALLOC"; 716 goto err; 717 } 718 if (!TEST_ptr(type = EVP_get_cipherbyname("aes-256-gcm"))) { 719 errmsg = "GET_CIPHERBYNAME"; 720 goto err; 721 } 722 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { 723 errmsg = "ENC_INIT"; 724 goto err; 725 } 726 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL))) { 727 errmsg = "SET_IVLEN1"; 728 goto err; 729 } 730 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { 731 errmsg = "SET_IV1"; 732 goto err; 733 } 734 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 735 errmsg = "AAD1"; 736 goto err; 737 } 738 EVP_CIPHER_CTX_set_padding(ctx, 0); 739 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 740 sizeof(gcmResetPlaintext)))) { 741 errmsg = "CIPHER_UPDATE1"; 742 goto err; 743 } 744 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 745 errmsg = "CIPHER_FINAL1"; 746 goto err; 747 } 748 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { 749 errmsg = "WRONG_RESULT1"; 750 goto err; 751 } 752 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { 753 errmsg = "GET_TAG1"; 754 goto err; 755 } 756 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { 757 errmsg = "TAG_ERROR1"; 758 goto err; 759 } 760 /* Now reinit */ 761 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL))) { 762 errmsg = "SET_IVLEN2"; 763 goto err; 764 } 765 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { 766 errmsg = "SET_IV2"; 767 goto err; 768 } 769 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 770 errmsg = "AAD2"; 771 goto err; 772 } 773 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 774 sizeof(gcmResetPlaintext)))) { 775 errmsg = "CIPHER_UPDATE2"; 776 goto err; 777 } 778 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 779 errmsg = "CIPHER_FINAL2"; 780 goto err; 781 } 782 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { 783 errmsg = "WRONG_RESULT2"; 784 goto err; 785 } 786 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag))) { 787 errmsg = "GET_TAG2"; 788 goto err; 789 } 790 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { 791 errmsg = "TAG_ERROR2"; 792 goto err; 793 } 794 testresult = 1; 795 err: 796 if (errmsg != NULL) 797 TEST_info("evp_init_test %d: %s", idx, errmsg); 798 EVP_CIPHER_CTX_free(ctx); 799 return testresult; 800 } 801 802 typedef struct { 803 const char *cipher; 804 int enc; 805 } EVP_UPDATED_IV_TEST_st; 806 807 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { 808 { 809 "aes-128-cfb", 1 810 }, 811 { 812 "aes-128-cfb", 0 813 }, 814 { 815 "aes-128-cfb1", 1 816 }, 817 { 818 "aes-128-cfb1", 0 819 }, 820 { 821 "aes-128-cfb128", 1 822 }, 823 { 824 "aes-128-cfb128", 0 825 }, 826 { 827 "aes-128-cfb8", 1 828 }, 829 { 830 "aes-128-cfb8", 0 831 }, 832 { 833 "aes-128-ofb", 1 834 }, 835 { 836 "aes-128-ofb", 0 837 }, 838 { 839 "aes-128-ctr", 1 840 }, 841 { 842 "aes-128-ctr", 0 843 }, 844 { 845 "aes-128-cbc", 1 846 }, 847 { 848 "aes-128-cbc", 0 849 } 850 }; 851 852 /* 853 * Test that the IV in the context is updated during a crypto operation for CFB 854 * and OFB. 855 */ 856 static int test_evp_updated_iv(int idx) 857 { 858 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; 859 int outlen1, outlen2; 860 int testresult = 0; 861 unsigned char outbuf[1024]; 862 EVP_CIPHER_CTX *ctx = NULL; 863 const EVP_CIPHER *type = NULL; 864 const unsigned char *updated_iv; 865 int iv_len; 866 char *errmsg = NULL; 867 868 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 869 errmsg = "CTX_ALLOC"; 870 goto err; 871 } 872 if ((type = EVP_get_cipherbyname(t->cipher)) == NULL) { 873 TEST_info("cipher %s not supported, skipping", t->cipher); 874 goto ok; 875 } 876 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 877 errmsg = "CIPHER_INIT"; 878 goto err; 879 } 880 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 881 errmsg = "PADDING"; 882 goto err; 883 } 884 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { 885 errmsg = "CIPHER_UPDATE"; 886 goto err; 887 } 888 if (!TEST_ptr(updated_iv = EVP_CIPHER_CTX_iv(ctx))) { 889 errmsg = "CIPHER_CTX_IV"; 890 goto err; 891 } 892 if (!TEST_true(iv_len = EVP_CIPHER_CTX_iv_length(ctx))) { 893 errmsg = "CIPHER_CTX_IV_LEN"; 894 goto err; 895 } 896 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { 897 errmsg = "IV_NOT_UPDATED"; 898 goto err; 899 } 900 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 901 errmsg = "CIPHER_FINAL"; 902 goto err; 903 } 904 ok: 905 testresult = 1; 906 err: 907 if (errmsg != NULL) 908 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); 909 EVP_CIPHER_CTX_free(ctx); 910 return testresult; 911 } 912 913 static APK_DATA keydata[] = { 914 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, 915 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, 916 #ifndef OPENSSL_NO_EC 917 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC} 918 #endif 919 }; 920 921 static APK_DATA keycheckdata[] = { 922 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0}, 923 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA, 924 0, -2, -2, 0}, 925 #ifndef OPENSSL_NO_EC 926 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0}, 927 /* group is also associated in our pub key */ 928 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1}, 929 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2} 930 #endif 931 }; 932 933 static EVP_PKEY *load_example_rsa_key(void) 934 { 935 EVP_PKEY *ret = NULL; 936 const unsigned char *derp = kExampleRSAKeyDER; 937 EVP_PKEY *pkey = NULL; 938 RSA *rsa = NULL; 939 940 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER)))) 941 return NULL; 942 943 if (!TEST_ptr(pkey = EVP_PKEY_new()) 944 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa))) 945 goto end; 946 947 ret = pkey; 948 pkey = NULL; 949 950 end: 951 EVP_PKEY_free(pkey); 952 RSA_free(rsa); 953 954 return ret; 955 } 956 957 static int test_EVP_Enveloped(void) 958 { 959 int ret = 0; 960 EVP_CIPHER_CTX *ctx = NULL; 961 EVP_PKEY *keypair = NULL; 962 unsigned char *kek = NULL; 963 unsigned char iv[EVP_MAX_IV_LENGTH]; 964 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 965 int len, kek_len, ciphertext_len, plaintext_len; 966 unsigned char ciphertext[32], plaintext[16]; 967 const EVP_CIPHER *type = EVP_aes_256_cbc(); 968 969 if (!TEST_ptr(keypair = load_example_rsa_key()) 970 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) 971 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 972 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 973 &keypair, 1)) 974 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 975 msg, sizeof(msg))) 976 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 977 &len))) 978 goto err; 979 980 ciphertext_len += len; 981 982 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 983 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 984 ciphertext, ciphertext_len)) 985 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 986 goto err; 987 988 plaintext_len += len; 989 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 990 goto err; 991 992 ret = 1; 993 err: 994 OPENSSL_free(kek); 995 EVP_PKEY_free(keypair); 996 EVP_CIPHER_CTX_free(ctx); 997 return ret; 998 } 999 1000 1001 static int test_EVP_DigestSignInit(void) 1002 { 1003 int ret = 0; 1004 EVP_PKEY *pkey = NULL; 1005 unsigned char *sig = NULL; 1006 size_t sig_len = 0; 1007 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL; 1008 1009 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 1010 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()) 1011 || !TEST_ptr(pkey = load_example_rsa_key())) 1012 goto out; 1013 1014 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 1015 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1016 goto out; 1017 1018 /* Determine the size of the signature. */ 1019 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 1020 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) 1021 goto out; 1022 1023 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)) 1024 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1025 goto out; 1026 1027 /* Ensure that the signature round-trips. */ 1028 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), 1029 NULL, pkey)) 1030 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, 1031 kMsg, sizeof(kMsg))) 1032 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) 1033 goto out; 1034 1035 ret = 1; 1036 1037 out: 1038 EVP_MD_CTX_free(md_ctx); 1039 EVP_MD_CTX_free(md_ctx_verify); 1040 EVP_PKEY_free(pkey); 1041 OPENSSL_free(sig); 1042 1043 return ret; 1044 } 1045 1046 static int test_EVP_DigestVerifyInit(void) 1047 { 1048 int ret = 0; 1049 EVP_PKEY *pkey = NULL; 1050 EVP_MD_CTX *md_ctx = NULL; 1051 1052 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 1053 || !TEST_ptr(pkey = load_example_rsa_key())) 1054 goto out; 1055 1056 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 1057 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 1058 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature, 1059 sizeof(kSignature)))) 1060 goto out; 1061 ret = 1; 1062 1063 out: 1064 EVP_MD_CTX_free(md_ctx); 1065 EVP_PKEY_free(pkey); 1066 return ret; 1067 } 1068 1069 static int test_d2i_AutoPrivateKey(int i) 1070 { 1071 int ret = 0; 1072 const unsigned char *p; 1073 EVP_PKEY *pkey = NULL; 1074 const APK_DATA *ak = &keydata[i]; 1075 const unsigned char *input = ak->kder; 1076 size_t input_len = ak->size; 1077 int expected_id = ak->evptype; 1078 1079 p = input; 1080 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 1081 || !TEST_ptr_eq(p, input + input_len) 1082 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) 1083 goto done; 1084 1085 ret = 1; 1086 1087 done: 1088 EVP_PKEY_free(pkey); 1089 return ret; 1090 } 1091 1092 #ifndef OPENSSL_NO_EC 1093 1094 static const unsigned char ec_public_sect163k1_validxy[] = { 1095 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1096 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1097 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1098 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b, 1099 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1100 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 1101 }; 1102 1103 static const unsigned char ec_public_sect163k1_badx[] = { 1104 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1105 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1106 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1107 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b, 1108 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1109 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 1110 }; 1111 1112 static const unsigned char ec_public_sect163k1_bady[] = { 1113 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1114 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1115 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1116 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b, 1117 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1118 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6 1119 }; 1120 1121 static struct ec_der_pub_keys_st { 1122 const unsigned char *der; 1123 size_t len; 1124 int valid; 1125 } ec_der_pub_keys[] = { 1126 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 }, 1127 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 }, 1128 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 }, 1129 }; 1130 1131 /* 1132 * Tests the range of the decoded EC char2 public point. 1133 * See ec_GF2m_simple_oct2point(). 1134 */ 1135 static int test_invalide_ec_char2_pub_range_decode(int id) 1136 { 1137 int ret = 0; 1138 BIO *bio = NULL; 1139 EC_KEY *eckey = NULL; 1140 1141 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der, 1142 ec_der_pub_keys[id].len))) 1143 goto err; 1144 eckey = d2i_EC_PUBKEY_bio(bio, NULL); 1145 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey)) 1146 || TEST_ptr_null(eckey); 1147 err: 1148 EC_KEY_free(eckey); 1149 BIO_free(bio); 1150 return ret; 1151 } 1152 1153 /* Tests loading a bad key in PKCS8 format */ 1154 static int test_EVP_PKCS82PKEY(void) 1155 { 1156 int ret = 0; 1157 const unsigned char *derp = kExampleBadECKeyDER; 1158 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 1159 EVP_PKEY *pkey = NULL; 1160 1161 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 1162 sizeof(kExampleBadECKeyDER)))) 1163 goto done; 1164 1165 if (!TEST_ptr_eq(derp, 1166 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 1167 goto done; 1168 1169 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 1170 goto done; 1171 1172 ret = 1; 1173 1174 done: 1175 PKCS8_PRIV_KEY_INFO_free(p8inf); 1176 EVP_PKEY_free(pkey); 1177 1178 return ret; 1179 } 1180 #endif 1181 1182 #ifndef OPENSSL_NO_SM2 1183 1184 static int test_EVP_SM2_verify(void) 1185 { 1186 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */ 1187 const char *pubkey = 1188 "-----BEGIN PUBLIC KEY-----\n" 1189 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n" 1190 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n" 1191 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n" 1192 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n" 1193 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n" 1194 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n" 1195 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n" 1196 "-----END PUBLIC KEY-----\n"; 1197 1198 const char *msg = "message digest"; 1199 const char *id = "ALICE123@YAHOO.COM"; 1200 1201 const uint8_t signature[] = { 1202 0x30, 0x44, 0x02, 0x20, 1203 1204 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC, 1205 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2, 1206 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1, 1207 1208 0x02, 0x20, 1209 1210 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF, 1211 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0, 1212 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7 1213 }; 1214 1215 int rc = 0; 1216 BIO *bio = NULL; 1217 EVP_PKEY *pkey = NULL; 1218 EVP_MD_CTX *mctx = NULL; 1219 EVP_PKEY_CTX *pctx = NULL; 1220 1221 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 1222 if (!TEST_true(bio != NULL)) 1223 goto done; 1224 1225 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); 1226 if (!TEST_true(pkey != NULL)) 1227 goto done; 1228 1229 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) 1230 goto done; 1231 1232 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 1233 goto done; 1234 1235 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL))) 1236 goto done; 1237 1238 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id, 1239 strlen(id)), 0)) 1240 goto done; 1241 1242 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 1243 1244 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey))) 1245 goto done; 1246 1247 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 1248 goto done; 1249 1250 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)))) 1251 goto done; 1252 rc = 1; 1253 1254 done: 1255 BIO_free(bio); 1256 EVP_PKEY_free(pkey); 1257 EVP_PKEY_CTX_free(pctx); 1258 EVP_MD_CTX_free(mctx); 1259 return rc; 1260 } 1261 1262 static int test_EVP_SM2(void) 1263 { 1264 int ret = 0; 1265 EVP_PKEY *pkey = NULL; 1266 EVP_PKEY *params = NULL; 1267 EVP_PKEY_CTX *pctx = NULL; 1268 EVP_PKEY_CTX *kctx = NULL; 1269 EVP_PKEY_CTX *sctx = NULL; 1270 size_t sig_len = 0; 1271 unsigned char *sig = NULL; 1272 EVP_MD_CTX *md_ctx = NULL; 1273 EVP_MD_CTX *md_ctx_verify = NULL; 1274 EVP_PKEY_CTX *cctx = NULL; 1275 1276 uint8_t ciphertext[128]; 1277 size_t ctext_len = sizeof(ciphertext); 1278 1279 uint8_t plaintext[8]; 1280 size_t ptext_len = sizeof(plaintext); 1281 1282 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; 1283 1284 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 1285 if (!TEST_ptr(pctx)) 1286 goto done; 1287 1288 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 1289 goto done; 1290 1291 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2))) 1292 goto done; 1293 1294 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))) 1295 goto done; 1296 1297 kctx = EVP_PKEY_CTX_new(params, NULL); 1298 if (!TEST_ptr(kctx)) 1299 goto done; 1300 1301 if (!TEST_true(EVP_PKEY_keygen_init(kctx))) 1302 goto done; 1303 1304 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 1305 goto done; 1306 1307 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) 1308 goto done; 1309 1310 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 1311 goto done; 1312 1313 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 1314 goto done; 1315 1316 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL))) 1317 goto done; 1318 1319 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 1320 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 1321 1322 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 1323 goto done; 1324 1325 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey))) 1326 goto done; 1327 1328 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1329 goto done; 1330 1331 /* Determine the size of the signature. */ 1332 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 1333 goto done; 1334 1335 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) 1336 goto done; 1337 1338 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 1339 goto done; 1340 1341 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1342 goto done; 1343 1344 /* Ensure that the signature round-trips. */ 1345 1346 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey))) 1347 goto done; 1348 1349 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 1350 goto done; 1351 1352 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) 1353 goto done; 1354 1355 /* now check encryption/decryption */ 1356 1357 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL))) 1358 goto done; 1359 1360 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 1361 goto done; 1362 1363 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg)))) 1364 goto done; 1365 1366 if (!TEST_true(EVP_PKEY_decrypt_init(cctx))) 1367 goto done; 1368 1369 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len))) 1370 goto done; 1371 1372 if (!TEST_true(ptext_len == sizeof(kMsg))) 1373 goto done; 1374 1375 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 1376 goto done; 1377 1378 ret = 1; 1379 done: 1380 EVP_PKEY_CTX_free(pctx); 1381 EVP_PKEY_CTX_free(kctx); 1382 EVP_PKEY_CTX_free(sctx); 1383 EVP_PKEY_CTX_free(cctx); 1384 EVP_PKEY_free(pkey); 1385 EVP_PKEY_free(params); 1386 EVP_MD_CTX_free(md_ctx); 1387 EVP_MD_CTX_free(md_ctx_verify); 1388 OPENSSL_free(sig); 1389 return ret; 1390 } 1391 1392 #endif 1393 1394 static struct keys_st { 1395 int type; 1396 char *priv; 1397 char *pub; 1398 } keys[] = { 1399 { 1400 EVP_PKEY_HMAC, "0123456789", NULL 1401 #ifndef OPENSSL_NO_POLY1305 1402 }, { 1403 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL 1404 #endif 1405 #ifndef OPENSSL_NO_SIPHASH 1406 }, { 1407 EVP_PKEY_SIPHASH, "0123456789012345", NULL 1408 #endif 1409 }, 1410 #ifndef OPENSSL_NO_EC 1411 { 1412 EVP_PKEY_X25519, "01234567890123456789012345678901", 1413 "abcdefghijklmnopqrstuvwxyzabcdef" 1414 }, { 1415 EVP_PKEY_ED25519, "01234567890123456789012345678901", 1416 "abcdefghijklmnopqrstuvwxyzabcdef" 1417 }, { 1418 EVP_PKEY_X448, 1419 "01234567890123456789012345678901234567890123456789012345", 1420 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" 1421 }, { 1422 EVP_PKEY_ED448, 1423 "012345678901234567890123456789012345678901234567890123456", 1424 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" 1425 } 1426 #endif 1427 }; 1428 1429 static int test_set_get_raw_keys_int(int tst, int pub) 1430 { 1431 int ret = 0; 1432 unsigned char buf[80]; 1433 unsigned char *in; 1434 size_t inlen, len = 0; 1435 EVP_PKEY *pkey; 1436 1437 /* Check if this algorithm supports public keys */ 1438 if (pub && keys[tst].pub == NULL) 1439 return 1; 1440 1441 memset(buf, 0, sizeof(buf)); 1442 1443 if (pub) { 1444 #ifndef OPENSSL_NO_EC 1445 inlen = strlen(keys[tst].pub); 1446 in = (unsigned char *)keys[tst].pub; 1447 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 1448 NULL, 1449 in, 1450 inlen); 1451 #else 1452 return 1; 1453 #endif 1454 } else { 1455 inlen = strlen(keys[tst].priv); 1456 in = (unsigned char *)keys[tst].priv; 1457 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 1458 NULL, 1459 in, 1460 inlen); 1461 } 1462 1463 if (!TEST_ptr(pkey) 1464 || !TEST_int_eq(EVP_PKEY_cmp(pkey, pkey), 1) 1465 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 1466 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 1467 || !TEST_true(len == inlen) 1468 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 1469 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 1470 || !TEST_mem_eq(in, inlen, buf, len)) 1471 goto done; 1472 1473 ret = 1; 1474 done: 1475 EVP_PKEY_free(pkey); 1476 return ret; 1477 } 1478 1479 static int test_set_get_raw_keys(int tst) 1480 { 1481 return test_set_get_raw_keys_int(tst, 0) 1482 && test_set_get_raw_keys_int(tst, 1); 1483 } 1484 1485 static int pkey_custom_check(EVP_PKEY *pkey) 1486 { 1487 return 0xbeef; 1488 } 1489 1490 static int pkey_custom_pub_check(EVP_PKEY *pkey) 1491 { 1492 return 0xbeef; 1493 } 1494 1495 static int pkey_custom_param_check(EVP_PKEY *pkey) 1496 { 1497 return 0xbeef; 1498 } 1499 1500 static EVP_PKEY_METHOD *custom_pmeth; 1501 1502 static int test_EVP_PKEY_check(int i) 1503 { 1504 int ret = 0; 1505 const unsigned char *p; 1506 EVP_PKEY *pkey = NULL; 1507 #ifndef OPENSSL_NO_EC 1508 EC_KEY *eckey = NULL; 1509 #endif 1510 EVP_PKEY_CTX *ctx = NULL; 1511 EVP_PKEY_CTX *ctx2 = NULL; 1512 const APK_DATA *ak = &keycheckdata[i]; 1513 const unsigned char *input = ak->kder; 1514 size_t input_len = ak->size; 1515 int expected_id = ak->evptype; 1516 int expected_check = ak->check; 1517 int expected_pub_check = ak->pub_check; 1518 int expected_param_check = ak->param_check; 1519 int type = ak->type; 1520 BIO *pubkey = NULL; 1521 1522 p = input; 1523 1524 switch (type) { 1525 case 0: 1526 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 1527 || !TEST_ptr_eq(p, input + input_len) 1528 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) 1529 goto done; 1530 break; 1531 #ifndef OPENSSL_NO_EC 1532 case 1: 1533 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len)) 1534 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL)) 1535 || !TEST_ptr(pkey = EVP_PKEY_new()) 1536 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1537 goto done; 1538 break; 1539 case 2: 1540 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len)) 1541 || !TEST_ptr_eq(p, input + input_len) 1542 || !TEST_ptr(pkey = EVP_PKEY_new()) 1543 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1544 goto done; 1545 break; 1546 #endif 1547 default: 1548 return 0; 1549 } 1550 1551 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) 1552 goto done; 1553 1554 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 1555 goto done; 1556 1557 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 1558 goto done; 1559 1560 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 1561 goto done; 1562 1563 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 1564 /* assign the pkey directly, as an internal test */ 1565 EVP_PKEY_up_ref(pkey); 1566 ctx2->pkey = pkey; 1567 1568 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 1569 goto done; 1570 1571 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 1572 goto done; 1573 1574 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 1575 goto done; 1576 1577 ret = 1; 1578 1579 done: 1580 EVP_PKEY_CTX_free(ctx); 1581 EVP_PKEY_CTX_free(ctx2); 1582 EVP_PKEY_free(pkey); 1583 BIO_free(pubkey); 1584 return ret; 1585 } 1586 1587 static int test_HKDF(void) 1588 { 1589 EVP_PKEY_CTX *pctx; 1590 unsigned char out[20]; 1591 size_t outlen; 1592 int i, ret = 0; 1593 unsigned char salt[] = "0123456789"; 1594 unsigned char key[] = "012345678901234567890123456789"; 1595 unsigned char info[] = "infostring"; 1596 const unsigned char expected[] = { 1597 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, 1598 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca 1599 }; 1600 size_t expectedlen = sizeof(expected); 1601 1602 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))) 1603 goto done; 1604 1605 /* We do this twice to test reuse of the EVP_PKEY_CTX */ 1606 for (i = 0; i < 2; i++) { 1607 outlen = sizeof(out); 1608 memset(out, 0, outlen); 1609 1610 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 1611 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 1612 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 1613 sizeof(salt) - 1), 0) 1614 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 1615 sizeof(key) - 1), 0) 1616 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 1617 sizeof(info) - 1), 0) 1618 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 1619 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 1620 goto done; 1621 } 1622 1623 ret = 1; 1624 1625 done: 1626 EVP_PKEY_CTX_free(pctx); 1627 1628 return ret; 1629 } 1630 1631 #ifndef OPENSSL_NO_EC 1632 static int test_X509_PUBKEY_inplace(void) 1633 { 1634 int ret = 0; 1635 X509_PUBKEY *xp = NULL; 1636 const unsigned char *p = kExampleECPubKeyDER; 1637 size_t input_len = sizeof(kExampleECPubKeyDER); 1638 1639 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))) 1640 goto done; 1641 1642 if (!TEST_ptr(X509_PUBKEY_get0(xp))) 1643 goto done; 1644 1645 p = kExampleBadECPubKeyDER; 1646 input_len = sizeof(kExampleBadECPubKeyDER); 1647 1648 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))) 1649 goto done; 1650 1651 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL)) 1652 goto done; 1653 1654 ret = 1; 1655 1656 done: 1657 X509_PUBKEY_free(xp); 1658 return ret; 1659 } 1660 #endif 1661 1662 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 1663 static int test_decrypt_null_chunks(void) 1664 { 1665 EVP_CIPHER_CTX* ctx = NULL; 1666 const unsigned char key[32] = { 1667 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1668 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 1669 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1 1670 }; 1671 unsigned char iv[12] = { 1672 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b 1673 }; 1674 unsigned char msg[] = "It was the best of times, it was the worst of times"; 1675 unsigned char ciphertext[80]; 1676 unsigned char plaintext[80]; 1677 /* We initialise tmp to a non zero value on purpose */ 1678 int ctlen, ptlen, tmp = 99; 1679 int ret = 0; 1680 const int enc_offset = 10, dec_offset = 20; 1681 1682 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1683 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, 1684 key, iv)) 1685 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, 1686 enc_offset)) 1687 /* Deliberate add a zero length update */ 1688 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, 1689 0)) 1690 || !TEST_int_eq(tmp, 0) 1691 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, 1692 msg + enc_offset, 1693 sizeof(msg) - enc_offset)) 1694 || !TEST_int_eq(ctlen += tmp, sizeof(msg)) 1695 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) 1696 || !TEST_int_eq(tmp, 0)) 1697 goto err; 1698 1699 /* Deliberately initialise tmp to a non zero value */ 1700 tmp = 99; 1701 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key, 1702 iv)) 1703 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, 1704 dec_offset)) 1705 /* 1706 * Deliberately add a zero length update. We also deliberately do 1707 * this at a different offset than for encryption. 1708 */ 1709 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, 1710 0)) 1711 || !TEST_int_eq(tmp, 0) 1712 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, 1713 ciphertext + dec_offset, 1714 ctlen - dec_offset)) 1715 || !TEST_int_eq(ptlen += tmp, sizeof(msg)) 1716 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) 1717 || !TEST_int_eq(tmp, 0) 1718 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) 1719 goto err; 1720 1721 ret = 1; 1722 err: 1723 EVP_CIPHER_CTX_free(ctx); 1724 return ret; 1725 } 1726 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ 1727 1728 #ifndef OPENSSL_NO_DH 1729 static int test_EVP_PKEY_set1_DH(void) 1730 { 1731 DH *x942dh, *pkcs3dh; 1732 EVP_PKEY *pkey1, *pkey2; 1733 int ret = 0; 1734 1735 x942dh = DH_get_2048_256(); 1736 pkcs3dh = DH_new_by_nid(NID_ffdhe2048); 1737 pkey1 = EVP_PKEY_new(); 1738 pkey2 = EVP_PKEY_new(); 1739 if (!TEST_ptr(x942dh) 1740 || !TEST_ptr(pkcs3dh) 1741 || !TEST_ptr(pkey1) 1742 || !TEST_ptr(pkey2)) 1743 goto err; 1744 1745 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) 1746 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX)) 1747 goto err; 1748 1749 1750 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, pkcs3dh)) 1751 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH)) 1752 goto err; 1753 1754 ret = 1; 1755 err: 1756 EVP_PKEY_free(pkey1); 1757 EVP_PKEY_free(pkey2); 1758 DH_free(x942dh); 1759 DH_free(pkcs3dh); 1760 1761 return ret; 1762 } 1763 #endif /* OPENSSL_NO_DH */ 1764 1765 #if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) 1766 /* Test we can create a signature keys with an associated ENGINE */ 1767 static int test_signatures_with_engine(int tst) 1768 { 1769 ENGINE *e; 1770 const char *engine_id = "dasync"; 1771 EVP_PKEY *pkey = NULL; 1772 const unsigned char badcmackey[] = { 0x00, 0x01 }; 1773 const unsigned char cmackey[] = { 1774 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1775 0x0c, 0x0d, 0x0e, 0x0f 1776 }; 1777 const unsigned char ed25519key[] = { 1778 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1779 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 1780 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 1781 }; 1782 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 1783 int testresult = 0; 1784 EVP_MD_CTX *ctx = NULL; 1785 unsigned char *mac = NULL; 1786 size_t maclen = 0; 1787 int ret; 1788 1789 # ifdef OPENSSL_NO_CMAC 1790 /* Skip CMAC tests in a no-cmac build */ 1791 if (tst <= 1) 1792 return 1; 1793 # endif 1794 1795 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 1796 return 0; 1797 1798 if (!TEST_true(ENGINE_init(e))) { 1799 ENGINE_free(e); 1800 return 0; 1801 } 1802 1803 switch (tst) { 1804 case 0: 1805 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), 1806 EVP_aes_128_cbc()); 1807 break; 1808 case 1: 1809 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), 1810 EVP_aes_128_cbc()); 1811 break; 1812 case 2: 1813 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, 1814 sizeof(ed25519key)); 1815 break; 1816 default: 1817 TEST_error("Invalid test case"); 1818 goto err; 1819 } 1820 if (tst == 1) { 1821 /* 1822 * In 1.1.1 CMAC keys will fail to during EVP_PKEY_new_CMAC_key() if the 1823 * key is bad. In later versions this isn't detected until later. 1824 */ 1825 if (!TEST_ptr_null(pkey)) 1826 goto err; 1827 } else { 1828 if (!TEST_ptr(pkey)) 1829 goto err; 1830 } 1831 1832 if (tst == 0 || tst == 1) { 1833 /* 1834 * We stop the test here for tests 0 and 1. The dasync engine doesn't 1835 * actually support CMAC in 1.1.1. 1836 */ 1837 testresult = 1; 1838 goto err; 1839 } 1840 1841 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 1842 goto err; 1843 1844 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, 1845 pkey); 1846 if (tst == 0) { 1847 if (!TEST_true(ret)) 1848 goto err; 1849 1850 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) 1851 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) 1852 goto err; 1853 1854 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 1855 goto err; 1856 1857 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) 1858 goto err; 1859 } else { 1860 /* We used a bad key. We expect a failure here */ 1861 if (!TEST_false(ret)) 1862 goto err; 1863 } 1864 1865 testresult = 1; 1866 err: 1867 EVP_MD_CTX_free(ctx); 1868 OPENSSL_free(mac); 1869 EVP_PKEY_free(pkey); 1870 ENGINE_finish(e); 1871 ENGINE_free(e); 1872 1873 return testresult; 1874 } 1875 1876 static int test_cipher_with_engine(void) 1877 { 1878 ENGINE *e; 1879 const char *engine_id = "dasync"; 1880 const unsigned char keyiv[] = { 1881 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1882 0x0c, 0x0d, 0x0e, 0x0f 1883 }; 1884 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 1885 int testresult = 0; 1886 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL; 1887 unsigned char buf[AES_BLOCK_SIZE]; 1888 int len = 0; 1889 1890 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 1891 return 0; 1892 1893 if (!TEST_true(ENGINE_init(e))) { 1894 ENGINE_free(e); 1895 return 0; 1896 } 1897 1898 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1899 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) 1900 goto err; 1901 1902 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) 1903 goto err; 1904 1905 /* Copy the ctx, and complete the operation with the new ctx */ 1906 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx))) 1907 goto err; 1908 1909 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) 1910 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) 1911 goto err; 1912 1913 testresult = 1; 1914 err: 1915 EVP_CIPHER_CTX_free(ctx); 1916 EVP_CIPHER_CTX_free(ctx2); 1917 ENGINE_finish(e); 1918 ENGINE_free(e); 1919 1920 return testresult; 1921 } 1922 #endif /* !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) */ 1923 1924 int setup_tests(void) 1925 { 1926 #if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) 1927 ENGINE_load_builtin_engines(); 1928 #endif 1929 ADD_TEST(test_EVP_DigestSignInit); 1930 ADD_TEST(test_EVP_DigestVerifyInit); 1931 ADD_TEST(test_EVP_Enveloped); 1932 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 1933 #ifndef OPENSSL_NO_EC 1934 ADD_TEST(test_EVP_PKCS82PKEY); 1935 #endif 1936 #ifndef OPENSSL_NO_SM2 1937 ADD_TEST(test_EVP_SM2); 1938 ADD_TEST(test_EVP_SM2_verify); 1939 #endif 1940 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 1941 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 1942 if (!TEST_ptr(custom_pmeth)) 1943 return 0; 1944 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 1945 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 1946 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 1947 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 1948 return 0; 1949 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 1950 ADD_TEST(test_HKDF); 1951 #ifndef OPENSSL_NO_EC 1952 ADD_TEST(test_X509_PUBKEY_inplace); 1953 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, 1954 OSSL_NELEM(ec_der_pub_keys)); 1955 #endif 1956 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 1957 ADD_TEST(test_decrypt_null_chunks); 1958 #endif 1959 #ifndef OPENSSL_NO_DH 1960 ADD_TEST(test_EVP_PKEY_set1_DH); 1961 #endif 1962 1963 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); 1964 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); 1965 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); 1966 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); 1967 1968 #if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) 1969 # ifndef OPENSSL_NO_EC 1970 ADD_ALL_TESTS(test_signatures_with_engine, 3); 1971 # else 1972 ADD_ALL_TESTS(test_signatures_with_engine, 2); 1973 # endif 1974 ADD_TEST(test_cipher_with_engine); 1975 #endif 1976 1977 return 1; 1978 } 1979