1 /*
2 * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <openssl/bio.h>
14 #include <openssl/crypto.h>
15 #include <openssl/err.h>
16 #include <openssl/evp.h>
17 #include <openssl/rsa.h>
18 #include <openssl/x509.h>
19 #include <openssl/pem.h>
20 #include <openssl/kdf.h>
21 #include <openssl/dh.h>
22 #include "testutil.h"
23 #include "internal/nelem.h"
24 #include "crypto/evp.h"
25
26 /*
27 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
28 * should never use this key anywhere but in an example.
29 */
30 static const unsigned char kExampleRSAKeyDER[] = {
31 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
32 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
33 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
34 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
35 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
36 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
37 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
38 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
39 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
40 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
41 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
42 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
43 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
44 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
45 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
46 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
47 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
48 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
49 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
50 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
51 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
52 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
53 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
54 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
55 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
56 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
57 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
58 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
59 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
60 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
61 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
62 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
63 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
64 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
65 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
66 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
67 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
68 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
69 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
70 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
71 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
72 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
73 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
74 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
75 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
76 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
77 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
78 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
79 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
80 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
81 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
82 };
83
84 /*
85 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
86 * components are not correct.
87 */
88 static const unsigned char kExampleBadRSAKeyDER[] = {
89 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
90 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
91 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
92 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
93 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
94 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
95 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
96 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
97 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
98 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
99 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
100 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
101 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
102 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
103 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
104 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
105 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
106 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
107 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
108 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
109 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
110 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
111 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
112 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
113 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
114 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
115 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
116 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
117 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
118 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
119 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
120 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
121 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
122 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
123 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
124 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
125 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
126 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
127 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
128 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
129 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
130 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
131 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
132 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
133 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
134 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
135 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
136 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
137 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
138 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
139 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
140 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
141 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
142 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
143 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
144 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
145 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
146 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
147 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
148 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
149 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
150 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
151 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
152 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
153 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
154 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
155 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
156 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
157 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
158 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
159 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
160 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
161 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
162 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
163 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
164 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
165 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
166 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
167 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
168 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
169 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
170 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
171 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
172 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
173 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
174 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
175 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
176 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
177 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
178 };
179
180 static const unsigned char kMsg[] = { 1, 2, 3, 4 };
181
182 static const unsigned char kSignature[] = {
183 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
184 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
185 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
186 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
187 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
188 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
189 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
190 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
191 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
192 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
193 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
194 };
195
196 /*
197 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
198 * PrivateKeyInfo.
199 */
200 static const unsigned char kExampleRSAKeyPKCS8[] = {
201 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
202 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
203 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
204 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
205 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
206 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
207 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
208 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
209 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
210 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
211 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
212 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
213 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
214 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
215 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
216 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
217 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
218 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
219 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
220 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
221 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
222 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
223 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
224 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
225 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
226 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
227 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
228 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
229 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
230 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
231 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
232 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
233 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
234 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
235 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
236 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
237 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
238 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
239 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
240 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
241 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
242 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
243 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
244 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
245 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
246 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
247 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
248 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
249 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
250 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
251 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
252 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
253 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
254 };
255
256 #ifndef OPENSSL_NO_EC
257 /*
258 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
259 * structure.
260 */
261 static const unsigned char kExampleECKeyDER[] = {
262 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
263 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
264 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
265 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
266 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
267 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
268 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
269 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
270 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
271 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
272 0xc1,
273 };
274
275 /*
276 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
277 * structure. The private key is equal to the order and will fail to import
278 */
279 static const unsigned char kExampleBadECKeyDER[] = {
280 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
281 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
282 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
283 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
284 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
285 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
286 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
287 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
288 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
289 };
290
291 /* prime256v1 */
292 static const unsigned char kExampleECPubKeyDER[] = {
293 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
294 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
295 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
296 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
297 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
298 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
299 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
300 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
301 };
302
303 /*
304 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
305 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
306 */
307 static const unsigned char kExampleBadECPubKeyDER[] = {
308 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
309 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
310 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
311 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
312 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
313 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
314 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
315 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
316 };
317
318 static const unsigned char pExampleECParamDER[] = {
319 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
320 };
321 #endif
322
323 typedef struct APK_DATA_st {
324 const unsigned char *kder;
325 size_t size;
326 int evptype;
327 int check;
328 int pub_check;
329 int param_check;
330 int type; /* 0 for private, 1 for public, 2 for params */
331 } APK_DATA;
332
333 static APK_DATA keydata[] = {
334 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA},
335 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA},
336 #ifndef OPENSSL_NO_EC
337 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}
338 #endif
339 };
340
341 static APK_DATA keycheckdata[] = {
342 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0},
343 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA,
344 0, -2, -2, 0},
345 #ifndef OPENSSL_NO_EC
346 {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0},
347 /* group is also associated in our pub key */
348 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1},
349 {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2}
350 #endif
351 };
352
load_example_rsa_key(void)353 static EVP_PKEY *load_example_rsa_key(void)
354 {
355 EVP_PKEY *ret = NULL;
356 const unsigned char *derp = kExampleRSAKeyDER;
357 EVP_PKEY *pkey = NULL;
358 RSA *rsa = NULL;
359
360 if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))))
361 return NULL;
362
363 if (!TEST_ptr(pkey = EVP_PKEY_new())
364 || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa)))
365 goto end;
366
367 ret = pkey;
368 pkey = NULL;
369
370 end:
371 EVP_PKEY_free(pkey);
372 RSA_free(rsa);
373
374 return ret;
375 }
376
test_EVP_Enveloped(void)377 static int test_EVP_Enveloped(void)
378 {
379 int ret = 0;
380 EVP_CIPHER_CTX *ctx = NULL;
381 EVP_PKEY *keypair = NULL;
382 unsigned char *kek = NULL;
383 unsigned char iv[EVP_MAX_IV_LENGTH];
384 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
385 int len, kek_len, ciphertext_len, plaintext_len;
386 unsigned char ciphertext[32], plaintext[16];
387 const EVP_CIPHER *type = EVP_aes_256_cbc();
388
389 if (!TEST_ptr(keypair = load_example_rsa_key())
390 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair)))
391 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
392 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
393 &keypair, 1))
394 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
395 msg, sizeof(msg)))
396 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
397 &len)))
398 goto err;
399
400 ciphertext_len += len;
401
402 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
403 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
404 ciphertext, ciphertext_len))
405 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
406 goto err;
407
408 plaintext_len += len;
409 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
410 goto err;
411
412 ret = 1;
413 err:
414 OPENSSL_free(kek);
415 EVP_PKEY_free(keypair);
416 EVP_CIPHER_CTX_free(ctx);
417 return ret;
418 }
419
420
test_EVP_DigestSignInit(void)421 static int test_EVP_DigestSignInit(void)
422 {
423 int ret = 0;
424 EVP_PKEY *pkey = NULL;
425 unsigned char *sig = NULL;
426 size_t sig_len = 0;
427 EVP_MD_CTX *md_ctx, *md_ctx_verify = NULL;
428
429 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
430 || !TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())
431 || !TEST_ptr(pkey = load_example_rsa_key()))
432 goto out;
433
434 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
435 || !TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
436 goto out;
437
438 /* Determine the size of the signature. */
439 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
440 || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
441 goto out;
442
443 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))
444 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
445 goto out;
446
447 /* Ensure that the signature round-trips. */
448 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(),
449 NULL, pkey))
450 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify,
451 kMsg, sizeof(kMsg)))
452 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
453 goto out;
454
455 ret = 1;
456
457 out:
458 EVP_MD_CTX_free(md_ctx);
459 EVP_MD_CTX_free(md_ctx_verify);
460 EVP_PKEY_free(pkey);
461 OPENSSL_free(sig);
462
463 return ret;
464 }
465
test_EVP_DigestVerifyInit(void)466 static int test_EVP_DigestVerifyInit(void)
467 {
468 int ret = 0;
469 EVP_PKEY *pkey = NULL;
470 EVP_MD_CTX *md_ctx = NULL;
471
472 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
473 || !TEST_ptr(pkey = load_example_rsa_key()))
474 goto out;
475
476 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
477 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
478 || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature,
479 sizeof(kSignature))))
480 goto out;
481 ret = 1;
482
483 out:
484 EVP_MD_CTX_free(md_ctx);
485 EVP_PKEY_free(pkey);
486 return ret;
487 }
488
test_d2i_AutoPrivateKey(int i)489 static int test_d2i_AutoPrivateKey(int i)
490 {
491 int ret = 0;
492 const unsigned char *p;
493 EVP_PKEY *pkey = NULL;
494 const APK_DATA *ak = &keydata[i];
495 const unsigned char *input = ak->kder;
496 size_t input_len = ak->size;
497 int expected_id = ak->evptype;
498
499 p = input;
500 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
501 || !TEST_ptr_eq(p, input + input_len)
502 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
503 goto done;
504
505 ret = 1;
506
507 done:
508 EVP_PKEY_free(pkey);
509 return ret;
510 }
511
512 #ifndef OPENSSL_NO_EC
513
514 static const unsigned char ec_public_sect163k1_validxy[] = {
515 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
516 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
517 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
518 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
519 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
520 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
521 };
522
523 static const unsigned char ec_public_sect163k1_badx[] = {
524 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
525 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
526 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
527 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
528 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
529 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
530 };
531
532 static const unsigned char ec_public_sect163k1_bady[] = {
533 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
534 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
535 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
536 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
537 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
538 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
539 };
540
541 static struct ec_der_pub_keys_st {
542 const unsigned char *der;
543 size_t len;
544 int valid;
545 } ec_der_pub_keys[] = {
546 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
547 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
548 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
549 };
550
551 /*
552 * Tests the range of the decoded EC char2 public point.
553 * See ec_GF2m_simple_oct2point().
554 */
test_invalide_ec_char2_pub_range_decode(int id)555 static int test_invalide_ec_char2_pub_range_decode(int id)
556 {
557 int ret = 0;
558 BIO *bio = NULL;
559 EC_KEY *eckey = NULL;
560
561 if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der,
562 ec_der_pub_keys[id].len)))
563 goto err;
564 eckey = d2i_EC_PUBKEY_bio(bio, NULL);
565 ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey))
566 || TEST_ptr_null(eckey);
567 err:
568 EC_KEY_free(eckey);
569 BIO_free(bio);
570 return ret;
571 }
572
573 /* Tests loading a bad key in PKCS8 format */
test_EVP_PKCS82PKEY(void)574 static int test_EVP_PKCS82PKEY(void)
575 {
576 int ret = 0;
577 const unsigned char *derp = kExampleBadECKeyDER;
578 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
579 EVP_PKEY *pkey = NULL;
580
581 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
582 sizeof(kExampleBadECKeyDER))))
583 goto done;
584
585 if (!TEST_ptr_eq(derp,
586 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
587 goto done;
588
589 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
590 goto done;
591
592 ret = 1;
593
594 done:
595 PKCS8_PRIV_KEY_INFO_free(p8inf);
596 EVP_PKEY_free(pkey);
597
598 return ret;
599 }
600 #endif
601
602 #ifndef OPENSSL_NO_SM2
603
test_EVP_SM2_verify(void)604 static int test_EVP_SM2_verify(void)
605 {
606 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
607 const char *pubkey =
608 "-----BEGIN PUBLIC KEY-----\n"
609 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
610 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
611 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
612 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
613 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
614 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
615 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
616 "-----END PUBLIC KEY-----\n";
617
618 const char *msg = "message digest";
619 const char *id = "ALICE123@YAHOO.COM";
620
621 const uint8_t signature[] = {
622 0x30, 0x44, 0x02, 0x20,
623
624 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
625 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
626 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
627
628 0x02, 0x20,
629
630 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
631 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
632 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
633 };
634
635 int rc = 0;
636 BIO *bio = NULL;
637 EVP_PKEY *pkey = NULL;
638 EVP_MD_CTX *mctx = NULL;
639 EVP_PKEY_CTX *pctx = NULL;
640
641 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
642 if (!TEST_true(bio != NULL))
643 goto done;
644
645 pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
646 if (!TEST_true(pkey != NULL))
647 goto done;
648
649 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
650 goto done;
651
652 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
653 goto done;
654
655 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL)))
656 goto done;
657
658 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id,
659 strlen(id)), 0))
660 goto done;
661
662 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
663
664 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey)))
665 goto done;
666
667 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
668 goto done;
669
670 if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature))))
671 goto done;
672 rc = 1;
673
674 done:
675 BIO_free(bio);
676 EVP_PKEY_free(pkey);
677 EVP_PKEY_CTX_free(pctx);
678 EVP_MD_CTX_free(mctx);
679 return rc;
680 }
681
test_EVP_SM2(void)682 static int test_EVP_SM2(void)
683 {
684 int ret = 0;
685 EVP_PKEY *pkey = NULL;
686 EVP_PKEY *params = NULL;
687 EVP_PKEY_CTX *pctx = NULL;
688 EVP_PKEY_CTX *kctx = NULL;
689 EVP_PKEY_CTX *sctx = NULL;
690 size_t sig_len = 0;
691 unsigned char *sig = NULL;
692 EVP_MD_CTX *md_ctx = NULL;
693 EVP_MD_CTX *md_ctx_verify = NULL;
694 EVP_PKEY_CTX *cctx = NULL;
695
696 uint8_t ciphertext[128];
697 size_t ctext_len = sizeof(ciphertext);
698
699 uint8_t plaintext[8];
700 size_t ptext_len = sizeof(plaintext);
701
702 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
703
704 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
705 if (!TEST_ptr(pctx))
706 goto done;
707
708 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
709 goto done;
710
711 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2)))
712 goto done;
713
714 if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)))
715 goto done;
716
717 kctx = EVP_PKEY_CTX_new(params, NULL);
718 if (!TEST_ptr(kctx))
719 goto done;
720
721 if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
722 goto done;
723
724 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
725 goto done;
726
727 if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)))
728 goto done;
729
730 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
731 goto done;
732
733 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
734 goto done;
735
736 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL)))
737 goto done;
738
739 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
740 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
741
742 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
743 goto done;
744
745 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey)))
746 goto done;
747
748 if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
749 goto done;
750
751 /* Determine the size of the signature. */
752 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
753 goto done;
754
755 if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey)))
756 goto done;
757
758 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
759 goto done;
760
761 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
762 goto done;
763
764 /* Ensure that the signature round-trips. */
765
766 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey)))
767 goto done;
768
769 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
770 goto done;
771
772 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)))
773 goto done;
774
775 /* now check encryption/decryption */
776
777 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL)))
778 goto done;
779
780 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
781 goto done;
782
783 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg))))
784 goto done;
785
786 if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
787 goto done;
788
789 if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len)))
790 goto done;
791
792 if (!TEST_true(ptext_len == sizeof(kMsg)))
793 goto done;
794
795 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
796 goto done;
797
798 ret = 1;
799 done:
800 EVP_PKEY_CTX_free(pctx);
801 EVP_PKEY_CTX_free(kctx);
802 EVP_PKEY_CTX_free(sctx);
803 EVP_PKEY_CTX_free(cctx);
804 EVP_PKEY_free(pkey);
805 EVP_PKEY_free(params);
806 EVP_MD_CTX_free(md_ctx);
807 EVP_MD_CTX_free(md_ctx_verify);
808 OPENSSL_free(sig);
809 return ret;
810 }
811
812 #endif
813
814 static struct keys_st {
815 int type;
816 char *priv;
817 char *pub;
818 } keys[] = {
819 {
820 EVP_PKEY_HMAC, "0123456789", NULL
821 }, {
822 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
823 }, {
824 EVP_PKEY_SIPHASH, "0123456789012345", NULL
825 },
826 #ifndef OPENSSL_NO_EC
827 {
828 EVP_PKEY_X25519, "01234567890123456789012345678901",
829 "abcdefghijklmnopqrstuvwxyzabcdef"
830 }, {
831 EVP_PKEY_ED25519, "01234567890123456789012345678901",
832 "abcdefghijklmnopqrstuvwxyzabcdef"
833 }, {
834 EVP_PKEY_X448,
835 "01234567890123456789012345678901234567890123456789012345",
836 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
837 }, {
838 EVP_PKEY_ED448,
839 "012345678901234567890123456789012345678901234567890123456",
840 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
841 }
842 #endif
843 };
844
test_set_get_raw_keys_int(int tst,int pub)845 static int test_set_get_raw_keys_int(int tst, int pub)
846 {
847 int ret = 0;
848 unsigned char buf[80];
849 unsigned char *in;
850 size_t inlen, len = 0;
851 EVP_PKEY *pkey;
852
853 /* Check if this algorithm supports public keys */
854 if (keys[tst].pub == NULL)
855 return 1;
856
857 memset(buf, 0, sizeof(buf));
858
859 if (pub) {
860 inlen = strlen(keys[tst].pub);
861 in = (unsigned char *)keys[tst].pub;
862 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
863 NULL,
864 in,
865 inlen);
866 } else {
867 inlen = strlen(keys[tst].priv);
868 in = (unsigned char *)keys[tst].priv;
869 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
870 NULL,
871 in,
872 inlen);
873 }
874
875 if (!TEST_ptr(pkey)
876 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
877 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
878 || !TEST_true(len == inlen)
879 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
880 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
881 || !TEST_mem_eq(in, inlen, buf, len))
882 goto done;
883
884 ret = 1;
885 done:
886 EVP_PKEY_free(pkey);
887 return ret;
888 }
889
test_set_get_raw_keys(int tst)890 static int test_set_get_raw_keys(int tst)
891 {
892 return test_set_get_raw_keys_int(tst, 0)
893 && test_set_get_raw_keys_int(tst, 1);
894 }
895
pkey_custom_check(EVP_PKEY * pkey)896 static int pkey_custom_check(EVP_PKEY *pkey)
897 {
898 return 0xbeef;
899 }
900
pkey_custom_pub_check(EVP_PKEY * pkey)901 static int pkey_custom_pub_check(EVP_PKEY *pkey)
902 {
903 return 0xbeef;
904 }
905
pkey_custom_param_check(EVP_PKEY * pkey)906 static int pkey_custom_param_check(EVP_PKEY *pkey)
907 {
908 return 0xbeef;
909 }
910
911 static EVP_PKEY_METHOD *custom_pmeth;
912
test_EVP_PKEY_check(int i)913 static int test_EVP_PKEY_check(int i)
914 {
915 int ret = 0;
916 const unsigned char *p;
917 EVP_PKEY *pkey = NULL;
918 #ifndef OPENSSL_NO_EC
919 EC_KEY *eckey = NULL;
920 #endif
921 EVP_PKEY_CTX *ctx = NULL;
922 EVP_PKEY_CTX *ctx2 = NULL;
923 const APK_DATA *ak = &keycheckdata[i];
924 const unsigned char *input = ak->kder;
925 size_t input_len = ak->size;
926 int expected_id = ak->evptype;
927 int expected_check = ak->check;
928 int expected_pub_check = ak->pub_check;
929 int expected_param_check = ak->param_check;
930 int type = ak->type;
931 BIO *pubkey = NULL;
932
933 p = input;
934
935 switch (type) {
936 case 0:
937 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
938 || !TEST_ptr_eq(p, input + input_len)
939 || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id))
940 goto done;
941 break;
942 #ifndef OPENSSL_NO_EC
943 case 1:
944 if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len))
945 || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL))
946 || !TEST_ptr(pkey = EVP_PKEY_new())
947 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
948 goto done;
949 break;
950 case 2:
951 if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len))
952 || !TEST_ptr_eq(p, input + input_len)
953 || !TEST_ptr(pkey = EVP_PKEY_new())
954 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
955 goto done;
956 break;
957 #endif
958 default:
959 return 0;
960 }
961
962 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL)))
963 goto done;
964
965 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
966 goto done;
967
968 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
969 goto done;
970
971 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
972 goto done;
973
974 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
975 /* assign the pkey directly, as an internal test */
976 EVP_PKEY_up_ref(pkey);
977 ctx2->pkey = pkey;
978
979 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
980 goto done;
981
982 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
983 goto done;
984
985 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
986 goto done;
987
988 ret = 1;
989
990 done:
991 EVP_PKEY_CTX_free(ctx);
992 EVP_PKEY_CTX_free(ctx2);
993 EVP_PKEY_free(pkey);
994 BIO_free(pubkey);
995 return ret;
996 }
997
test_HKDF(void)998 static int test_HKDF(void)
999 {
1000 EVP_PKEY_CTX *pctx;
1001 unsigned char out[20];
1002 size_t outlen;
1003 int i, ret = 0;
1004 unsigned char salt[] = "0123456789";
1005 unsigned char key[] = "012345678901234567890123456789";
1006 unsigned char info[] = "infostring";
1007 const unsigned char expected[] = {
1008 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1009 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1010 };
1011 size_t expectedlen = sizeof(expected);
1012
1013 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
1014 goto done;
1015
1016 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1017 for (i = 0; i < 2; i++) {
1018 outlen = sizeof(out);
1019 memset(out, 0, outlen);
1020
1021 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
1022 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
1023 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
1024 sizeof(salt) - 1), 0)
1025 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
1026 sizeof(key) - 1), 0)
1027 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
1028 sizeof(info) - 1), 0)
1029 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
1030 || !TEST_mem_eq(out, outlen, expected, expectedlen))
1031 goto done;
1032 }
1033
1034 ret = 1;
1035
1036 done:
1037 EVP_PKEY_CTX_free(pctx);
1038
1039 return ret;
1040 }
1041
1042 #ifndef OPENSSL_NO_EC
test_X509_PUBKEY_inplace(void)1043 static int test_X509_PUBKEY_inplace(void)
1044 {
1045 int ret = 0;
1046 X509_PUBKEY *xp = NULL;
1047 const unsigned char *p = kExampleECPubKeyDER;
1048 size_t input_len = sizeof(kExampleECPubKeyDER);
1049
1050 if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len)))
1051 goto done;
1052
1053 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
1054 goto done;
1055
1056 p = kExampleBadECPubKeyDER;
1057 input_len = sizeof(kExampleBadECPubKeyDER);
1058
1059 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
1060 goto done;
1061
1062 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
1063 goto done;
1064
1065 ret = 1;
1066
1067 done:
1068 X509_PUBKEY_free(xp);
1069 return ret;
1070 }
1071 #endif
1072
1073 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
test_decrypt_null_chunks(void)1074 static int test_decrypt_null_chunks(void)
1075 {
1076 EVP_CIPHER_CTX* ctx = NULL;
1077 const unsigned char key[32] = {
1078 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1079 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1080 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1081 };
1082 unsigned char iv[12] = {
1083 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1084 };
1085 unsigned char msg[] = "It was the best of times, it was the worst of times";
1086 unsigned char ciphertext[80];
1087 unsigned char plaintext[80];
1088 /* We initialise tmp to a non zero value on purpose */
1089 int ctlen, ptlen, tmp = 99;
1090 int ret = 0;
1091 const int enc_offset = 10, dec_offset = 20;
1092
1093 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1094 || !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
1095 key, iv))
1096 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
1097 enc_offset))
1098 /* Deliberate add a zero length update */
1099 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
1100 0))
1101 || !TEST_int_eq(tmp, 0)
1102 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
1103 msg + enc_offset,
1104 sizeof(msg) - enc_offset))
1105 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
1106 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
1107 || !TEST_int_eq(tmp, 0))
1108 goto err;
1109
1110 /* Deliberately initialise tmp to a non zero value */
1111 tmp = 99;
1112 if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
1113 iv))
1114 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
1115 dec_offset))
1116 /*
1117 * Deliberately add a zero length update. We also deliberately do
1118 * this at a different offset than for encryption.
1119 */
1120 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
1121 0))
1122 || !TEST_int_eq(tmp, 0)
1123 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
1124 ciphertext + dec_offset,
1125 ctlen - dec_offset))
1126 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
1127 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
1128 || !TEST_int_eq(tmp, 0)
1129 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
1130 goto err;
1131
1132 ret = 1;
1133 err:
1134 EVP_CIPHER_CTX_free(ctx);
1135 return ret;
1136 }
1137 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1138
1139 #ifndef OPENSSL_NO_DH
test_EVP_PKEY_set1_DH(void)1140 static int test_EVP_PKEY_set1_DH(void)
1141 {
1142 DH *x942dh, *pkcs3dh;
1143 EVP_PKEY *pkey1, *pkey2;
1144 int ret = 0;
1145
1146 x942dh = DH_get_2048_256();
1147 pkcs3dh = DH_new_by_nid(NID_ffdhe2048);
1148 pkey1 = EVP_PKEY_new();
1149 pkey2 = EVP_PKEY_new();
1150 if (!TEST_ptr(x942dh)
1151 || !TEST_ptr(pkcs3dh)
1152 || !TEST_ptr(pkey1)
1153 || !TEST_ptr(pkey2))
1154 goto err;
1155
1156 if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
1157 || !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
1158 goto err;
1159
1160
1161 if(!TEST_true(EVP_PKEY_set1_DH(pkey2, pkcs3dh))
1162 || !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
1163 goto err;
1164
1165 ret = 1;
1166 err:
1167 EVP_PKEY_free(pkey1);
1168 EVP_PKEY_free(pkey2);
1169 DH_free(x942dh);
1170 DH_free(pkcs3dh);
1171
1172 return ret;
1173 }
1174 #endif
1175
setup_tests(void)1176 int setup_tests(void)
1177 {
1178 ADD_TEST(test_EVP_DigestSignInit);
1179 ADD_TEST(test_EVP_DigestVerifyInit);
1180 ADD_TEST(test_EVP_Enveloped);
1181 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
1182 #ifndef OPENSSL_NO_EC
1183 ADD_TEST(test_EVP_PKCS82PKEY);
1184 #endif
1185 #ifndef OPENSSL_NO_SM2
1186 ADD_TEST(test_EVP_SM2);
1187 ADD_TEST(test_EVP_SM2_verify);
1188 #endif
1189 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
1190 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
1191 if (!TEST_ptr(custom_pmeth))
1192 return 0;
1193 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
1194 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
1195 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
1196 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
1197 return 0;
1198 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
1199 ADD_TEST(test_HKDF);
1200 #ifndef OPENSSL_NO_EC
1201 ADD_TEST(test_X509_PUBKEY_inplace);
1202 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
1203 OSSL_NELEM(ec_der_pub_keys));
1204 #endif
1205 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1206 ADD_TEST(test_decrypt_null_chunks);
1207 #endif
1208 #ifndef OPENSSL_NO_DH
1209 ADD_TEST(test_EVP_PKEY_set1_DH);
1210 #endif
1211
1212 return 1;
1213 }
1214