1*e0c4386eSCy Schubert# 2*e0c4386eSCy Schubert# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. 3*e0c4386eSCy Schubert# 4*e0c4386eSCy Schubert# Licensed under the Apache License 2.0 (the "License"). You may not use 5*e0c4386eSCy Schubert# this file except in compliance with the License. You can obtain a copy 6*e0c4386eSCy Schubert# in the file LICENSE in the source distribution or at 7*e0c4386eSCy Schubert# https://www.openssl.org/source/license.html 8*e0c4386eSCy Schubert 9*e0c4386eSCy Schubert# Tests start with one of these keywords 10*e0c4386eSCy Schubert# Cipher Decrypt Derive Digest Encoding KDF MAC PBE 11*e0c4386eSCy Schubert# PrivPubKeyPair Sign Verify VerifyRecover 12*e0c4386eSCy Schubert# and continue until a blank line. Lines starting with a pound sign are ignored. 13*e0c4386eSCy Schubert# The keyword Availablein must appear before the test name if needed. 14*e0c4386eSCy Schubert 15*e0c4386eSCy Schubert# Public key algorithm tests 16*e0c4386eSCy Schubert 17*e0c4386eSCy Schubert# Private keys used for PKEY operations. 18*e0c4386eSCy Schubert 19*e0c4386eSCy Schubert# EC P-256 key 20*e0c4386eSCy Schubert 21*e0c4386eSCy SchubertPrivateKey=P-256 22*e0c4386eSCy Schubert-----BEGIN PRIVATE KEY----- 23*e0c4386eSCy SchubertMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw 24*e0c4386eSCy Schubert+RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH 25*e0c4386eSCy Schubert+JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ 26*e0c4386eSCy Schubert-----END PRIVATE KEY----- 27*e0c4386eSCy Schubert 28*e0c4386eSCy Schubert# EC public key for above 29*e0c4386eSCy Schubert 30*e0c4386eSCy SchubertPublicKey=P-256-PUBLIC 31*e0c4386eSCy Schubert-----BEGIN PUBLIC KEY----- 32*e0c4386eSCy SchubertMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl 33*e0c4386eSCy Schubertx/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ== 34*e0c4386eSCy Schubert-----END PUBLIC KEY----- 35*e0c4386eSCy Schubert 36*e0c4386eSCy SchubertPrivPubKeyPair = P-256:P-256-PUBLIC 37*e0c4386eSCy Schubert 38*e0c4386eSCy SchubertTitle = ECDSA tests 39*e0c4386eSCy Schubert 40*e0c4386eSCy SchubertVerify = P-256 41*e0c4386eSCy SchubertCtrl = digest:SHA1 42*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234" 43*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 44*e0c4386eSCy Schubert 45*e0c4386eSCy Schubert# Digest too long 46*e0c4386eSCy SchubertVerify = P-256 47*e0c4386eSCy SchubertCtrl = digest:SHA1 48*e0c4386eSCy SchubertInput = "0123456789ABCDEF12345" 49*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 50*e0c4386eSCy SchubertResult = VERIFY_ERROR 51*e0c4386eSCy Schubert 52*e0c4386eSCy Schubert# Digest too short 53*e0c4386eSCy SchubertVerify = P-256 54*e0c4386eSCy SchubertCtrl = digest:SHA1 55*e0c4386eSCy SchubertInput = "0123456789ABCDEF123" 56*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 57*e0c4386eSCy SchubertResult = VERIFY_ERROR 58*e0c4386eSCy Schubert 59*e0c4386eSCy Schubert# Digest invalid 60*e0c4386eSCy SchubertVerify = P-256 61*e0c4386eSCy SchubertCtrl = digest:SHA1 62*e0c4386eSCy SchubertInput = "0123456789ABCDEF1235" 63*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 64*e0c4386eSCy SchubertResult = VERIFY_ERROR 65*e0c4386eSCy Schubert 66*e0c4386eSCy Schubert# Invalid signature 67*e0c4386eSCy SchubertVerify = P-256 68*e0c4386eSCy SchubertCtrl = digest:SHA1 69*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234" 70*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7 71*e0c4386eSCy SchubertResult = VERIFY_ERROR 72*e0c4386eSCy Schubert 73*e0c4386eSCy Schubert# Garbage after signature 74*e0c4386eSCy SchubertAvailablein = default 75*e0c4386eSCy SchubertVerify = P-256 76*e0c4386eSCy SchubertCtrl = digest:SHA1 77*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234" 78*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800 79*e0c4386eSCy SchubertResult = VERIFY_ERROR 80*e0c4386eSCy Schubert 81*e0c4386eSCy Schubert# BER signature 82*e0c4386eSCy SchubertVerify = P-256 83*e0c4386eSCy SchubertCtrl = digest:SHA1 84*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234" 85*e0c4386eSCy SchubertOutput = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 86*e0c4386eSCy SchubertResult = VERIFY_ERROR 87*e0c4386eSCy Schubert 88*e0c4386eSCy SchubertVerify = P-256-PUBLIC 89*e0c4386eSCy SchubertCtrl = digest:SHA1 90*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234" 91*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8 92*e0c4386eSCy Schubert 93*e0c4386eSCy SchubertTitle = DigestSign and DigestVerify 94*e0c4386eSCy Schubert 95*e0c4386eSCy SchubertDigestVerify = SHA256 96*e0c4386eSCy SchubertKey = P-256-PUBLIC 97*e0c4386eSCy SchubertInput = "Hello World" 98*e0c4386eSCy SchubertOutput = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862 99*e0c4386eSCy Schubert 100*e0c4386eSCy SchubertPublicKey=P-384-PUBLIC 101*e0c4386eSCy Schubert-----BEGIN PUBLIC KEY----- 102*e0c4386eSCy SchubertMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd 103*e0c4386eSCy SchubertnWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19 104*e0c4386eSCy SchuberttwD8guGxyFRaoMDTtW47/nifwYqRaIfC 105*e0c4386eSCy Schubert-----END PUBLIC KEY----- 106*e0c4386eSCy Schubert 107*e0c4386eSCy SchubertDigestVerify = SHA384 108*e0c4386eSCy SchubertKey = P-384-PUBLIC 109*e0c4386eSCy SchubertInput = "123400" 110*e0c4386eSCy SchubertOutput = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970 111*e0c4386eSCy Schubert 112*e0c4386eSCy Schubert# Oneshot tests 113*e0c4386eSCy SchubertOneShotDigestVerify = SHA256 114*e0c4386eSCy SchubertKey = P-256-PUBLIC 115*e0c4386eSCy SchubertInput = "Hello World" 116*e0c4386eSCy SchubertOutput = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862 117*e0c4386eSCy Schubert 118*e0c4386eSCy Schubert# Test that mdsize != tbssize fails 119*e0c4386eSCy SchubertSign = P-256 120*e0c4386eSCy SchubertCtrl = digest:SHA256 121*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234" 122*e0c4386eSCy SchubertResult = KEYOP_ERROR 123*e0c4386eSCy Schubert 124*e0c4386eSCy SchubertPrivateKey = P-256_NAMED_CURVE_EXPLICIT 125*e0c4386eSCy Schubert-----BEGIN PRIVATE KEY----- 126*e0c4386eSCy SchubertMIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB 127*e0c4386eSCy SchubertAAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA 128*e0c4386eSCy Schubert///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV 129*e0c4386eSCy SchubertAMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg 130*e0c4386eSCy Schubert9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A 131*e0c4386eSCy SchubertAAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj 132*e0c4386eSCy Schubert0BOXUa/4r82DJ30QoupYS/wlilW4gWehRANCAATM0n3q2UaDyaQ7OxzJM3B6prhW 133*e0c4386eSCy Schubert3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl 134*e0c4386eSCy Schubert-----END PRIVATE KEY----- 135*e0c4386eSCy Schubert 136*e0c4386eSCy SchubertPrivateKey = EC_EXPLICIT 137*e0c4386eSCy Schubert-----BEGIN PRIVATE KEY----- 138*e0c4386eSCy SchubertMIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB 139*e0c4386eSCy SchubertAAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA 140*e0c4386eSCy Schubert///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV 141*e0c4386eSCy SchubertAMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG 142*e0c4386eSCy Schubertl0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A 143*e0c4386eSCy SchubertAAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk 144*e0c4386eSCy SchubertOjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL 145*e0c4386eSCy Schubert46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg 146*e0c4386eSCy Schubert-----END PRIVATE KEY----- 147*e0c4386eSCy Schubert 148*e0c4386eSCy SchubertPrivateKey = B-163 149*e0c4386eSCy Schubert-----BEGIN PRIVATE KEY----- 150*e0c4386eSCy SchubertMGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K 151*e0c4386eSCy SchubertDnVlDgChLgMsAAQB1qZ00fPIct+QN8skv1XIHtBNp3EGLytJV0tsAUTYtGhtrzRj 152*e0c4386eSCy Schuberte3GzYyg= 153*e0c4386eSCy Schubert-----END PRIVATE KEY----- 154*e0c4386eSCy Schubert 155*e0c4386eSCy SchubertPrivateKey = secp256k1 156*e0c4386eSCy Schubert-----BEGIN PRIVATE KEY----- 157*e0c4386eSCy SchubertMIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgsLpFV9joHc0bisyV53XL 158*e0c4386eSCy SchubertmrG6/Gu6ZaHoXtKP/VFX44ehRANCAARLYWGgp5nP4N8guypLSbYGCVN6ZPCnWW4x 159*e0c4386eSCy SchubertsrYkcpdbxr4neRT3zC62keCKgPbJf5SIHkJ2Tcaw6hVSrBOUFtix 160*e0c4386eSCy Schubert-----END PRIVATE KEY----- 161*e0c4386eSCy Schubert 162*e0c4386eSCy SchubertTitle = FIPS tests 163*e0c4386eSCy Schubert 164*e0c4386eSCy Schubert# Test that a nist curve with < 112 bits is allowed in fips mode for verifying 165*e0c4386eSCy SchubertDigestVerify = SHA256 166*e0c4386eSCy SchubertKey = B-163 167*e0c4386eSCy SchubertInput = "Hello World" 168*e0c4386eSCy SchubertOutput = 302e0215027bb891747468b4b59ca2a2bf8f42d29d08866cf5021502cc311b25e9a2168e42240b07a6071070f687eb3b 169*e0c4386eSCy Schubert 170*e0c4386eSCy Schubert# Test that a nist curve with SHA3 is allowed in fips mode 171*e0c4386eSCy Schubert# The sign will get a mismatch error since the output signature changes on each run 172*e0c4386eSCy SchubertDigestSign = SHA3-512 173*e0c4386eSCy SchubertKey = P-256 174*e0c4386eSCy SchubertInput = "Hello World" 175*e0c4386eSCy SchubertResult = SIGNATURE_MISMATCH 176*e0c4386eSCy Schubert 177*e0c4386eSCy Schubert# Test that a explicit curve that is a named curve is allowed in fips mode 178*e0c4386eSCy SchubertDigestVerify = SHA256 179*e0c4386eSCy SchubertKey = P-256_NAMED_CURVE_EXPLICIT 180*e0c4386eSCy SchubertInput = "Hello World" 181*e0c4386eSCy SchubertOutput = 30450220796fcf472882ed5779226dcd0217b9d2b9acfe4fa2fb0109c8ee63c63adc1033022100e306c69f7e31b9a5d54eb12ba813cddf4de4af933e4f6cea38a0817d9d831d91 182*e0c4386eSCy Schubert 183*e0c4386eSCy SchubertTitle = FIPS Negative tests (using different curves and digests) 184*e0c4386eSCy Schubert 185*e0c4386eSCy Schubert# Test that a explicit curve is not allowed in fips mode 186*e0c4386eSCy SchubertAvailablein = fips 187*e0c4386eSCy SchubertDigestVerify = SHA256 188*e0c4386eSCy SchubertSecuritycheck = 1 189*e0c4386eSCy SchubertKey = EC_EXPLICIT 190*e0c4386eSCy SchubertInput = "Hello World" 191*e0c4386eSCy SchubertResult = DIGESTVERIFYINIT_ERROR 192*e0c4386eSCy Schubert 193*e0c4386eSCy Schubert# Test that a curve with < 112 bits is not allowed in fips mode for signing 194*e0c4386eSCy SchubertAvailablein = fips 195*e0c4386eSCy SchubertDigestSign = SHA3-512 196*e0c4386eSCy SchubertSecuritycheck = 1 197*e0c4386eSCy SchubertKey = B-163 198*e0c4386eSCy SchubertInput = "Hello World" 199*e0c4386eSCy SchubertResult = DIGESTSIGNINIT_ERROR 200*e0c4386eSCy Schubert 201*e0c4386eSCy Schubert# Test that a non nist curve is not allowed in fips mode 202*e0c4386eSCy SchubertAvailablein = fips 203*e0c4386eSCy SchubertDigestSign = SHA3-512 204*e0c4386eSCy SchubertSecuritycheck = 1 205*e0c4386eSCy SchubertKey = secp256k1 206*e0c4386eSCy SchubertInput = "Hello World" 207*e0c4386eSCy SchubertResult = DIGESTSIGNINIT_ERROR 208*e0c4386eSCy Schubert 209*e0c4386eSCy Schubert# Test that SHA1 is not allowed in fips mode for signing 210*e0c4386eSCy SchubertAvailablein = fips 211*e0c4386eSCy SchubertDigestSign = SHA1 212*e0c4386eSCy SchubertSecuritycheck = 1 213*e0c4386eSCy SchubertKey = B-163 214*e0c4386eSCy SchubertInput = "Hello World" 215*e0c4386eSCy SchubertResult = DIGESTSIGNINIT_ERROR 216*e0c4386eSCy Schubert 217*e0c4386eSCy Schubert# Test that SHA1 is not allowed in fips mode for signing 218*e0c4386eSCy SchubertAvailablein = fips 219*e0c4386eSCy SchubertSign = P-256 220*e0c4386eSCy SchubertSecuritycheck = 1 221*e0c4386eSCy SchubertCtrl = digest:SHA1 222*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234" 223*e0c4386eSCy SchubertResult = PKEY_CTRL_ERROR 224*e0c4386eSCy Schubert 225*e0c4386eSCy Schubert# Invalid non-approved digest 226*e0c4386eSCy SchubertAvailablein = fips 227*e0c4386eSCy SchubertDigestVerify = MD5 228*e0c4386eSCy SchubertSecuritycheck = 1 229*e0c4386eSCy SchubertKey = P-256-PUBLIC 230*e0c4386eSCy SchubertResult = DIGESTVERIFYINIT_ERROR 231