1*e0c4386eSCy Schubert#
2*e0c4386eSCy Schubert# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
3*e0c4386eSCy Schubert#
4*e0c4386eSCy Schubert# Licensed under the Apache License 2.0 (the "License").  You may not use
5*e0c4386eSCy Schubert# this file except in compliance with the License.  You can obtain a copy
6*e0c4386eSCy Schubert# in the file LICENSE in the source distribution or at
7*e0c4386eSCy Schubert# https://www.openssl.org/source/license.html
8*e0c4386eSCy Schubert
9*e0c4386eSCy Schubert# Tests start with one of these keywords
10*e0c4386eSCy Schubert#       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
11*e0c4386eSCy Schubert#       PrivPubKeyPair Sign Verify VerifyRecover
12*e0c4386eSCy Schubert# and continue until a blank line. Lines starting with a pound sign are ignored.
13*e0c4386eSCy Schubert# The keyword Availablein must appear before the test name if needed.
14*e0c4386eSCy Schubert
15*e0c4386eSCy Schubert# Public key algorithm tests
16*e0c4386eSCy Schubert
17*e0c4386eSCy Schubert# Private keys used for PKEY operations.
18*e0c4386eSCy Schubert
19*e0c4386eSCy Schubert# EC P-256 key
20*e0c4386eSCy Schubert
21*e0c4386eSCy SchubertPrivateKey=P-256
22*e0c4386eSCy Schubert-----BEGIN PRIVATE KEY-----
23*e0c4386eSCy SchubertMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw
24*e0c4386eSCy Schubert+RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH
25*e0c4386eSCy Schubert+JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ
26*e0c4386eSCy Schubert-----END PRIVATE KEY-----
27*e0c4386eSCy Schubert
28*e0c4386eSCy Schubert# EC public key for above
29*e0c4386eSCy Schubert
30*e0c4386eSCy SchubertPublicKey=P-256-PUBLIC
31*e0c4386eSCy Schubert-----BEGIN PUBLIC KEY-----
32*e0c4386eSCy SchubertMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
33*e0c4386eSCy Schubertx/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
34*e0c4386eSCy Schubert-----END PUBLIC KEY-----
35*e0c4386eSCy Schubert
36*e0c4386eSCy SchubertPrivPubKeyPair = P-256:P-256-PUBLIC
37*e0c4386eSCy Schubert
38*e0c4386eSCy SchubertTitle = ECDSA tests
39*e0c4386eSCy Schubert
40*e0c4386eSCy SchubertVerify = P-256
41*e0c4386eSCy SchubertCtrl = digest:SHA1
42*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234"
43*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
44*e0c4386eSCy Schubert
45*e0c4386eSCy Schubert# Digest too long
46*e0c4386eSCy SchubertVerify = P-256
47*e0c4386eSCy SchubertCtrl = digest:SHA1
48*e0c4386eSCy SchubertInput = "0123456789ABCDEF12345"
49*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
50*e0c4386eSCy SchubertResult = VERIFY_ERROR
51*e0c4386eSCy Schubert
52*e0c4386eSCy Schubert# Digest too short
53*e0c4386eSCy SchubertVerify = P-256
54*e0c4386eSCy SchubertCtrl = digest:SHA1
55*e0c4386eSCy SchubertInput = "0123456789ABCDEF123"
56*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
57*e0c4386eSCy SchubertResult = VERIFY_ERROR
58*e0c4386eSCy Schubert
59*e0c4386eSCy Schubert# Digest invalid
60*e0c4386eSCy SchubertVerify = P-256
61*e0c4386eSCy SchubertCtrl = digest:SHA1
62*e0c4386eSCy SchubertInput = "0123456789ABCDEF1235"
63*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
64*e0c4386eSCy SchubertResult = VERIFY_ERROR
65*e0c4386eSCy Schubert
66*e0c4386eSCy Schubert# Invalid signature
67*e0c4386eSCy SchubertVerify = P-256
68*e0c4386eSCy SchubertCtrl = digest:SHA1
69*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234"
70*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
71*e0c4386eSCy SchubertResult = VERIFY_ERROR
72*e0c4386eSCy Schubert
73*e0c4386eSCy Schubert# Garbage after signature
74*e0c4386eSCy SchubertAvailablein = default
75*e0c4386eSCy SchubertVerify = P-256
76*e0c4386eSCy SchubertCtrl = digest:SHA1
77*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234"
78*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
79*e0c4386eSCy SchubertResult = VERIFY_ERROR
80*e0c4386eSCy Schubert
81*e0c4386eSCy Schubert# BER signature
82*e0c4386eSCy SchubertVerify = P-256
83*e0c4386eSCy SchubertCtrl = digest:SHA1
84*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234"
85*e0c4386eSCy SchubertOutput = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
86*e0c4386eSCy SchubertResult = VERIFY_ERROR
87*e0c4386eSCy Schubert
88*e0c4386eSCy SchubertVerify = P-256-PUBLIC
89*e0c4386eSCy SchubertCtrl = digest:SHA1
90*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234"
91*e0c4386eSCy SchubertOutput = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
92*e0c4386eSCy Schubert
93*e0c4386eSCy SchubertTitle = DigestSign and DigestVerify
94*e0c4386eSCy Schubert
95*e0c4386eSCy SchubertDigestVerify = SHA256
96*e0c4386eSCy SchubertKey = P-256-PUBLIC
97*e0c4386eSCy SchubertInput = "Hello World"
98*e0c4386eSCy SchubertOutput = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
99*e0c4386eSCy Schubert
100*e0c4386eSCy SchubertPublicKey=P-384-PUBLIC
101*e0c4386eSCy Schubert-----BEGIN PUBLIC KEY-----
102*e0c4386eSCy SchubertMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd
103*e0c4386eSCy SchubertnWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19
104*e0c4386eSCy SchuberttwD8guGxyFRaoMDTtW47/nifwYqRaIfC
105*e0c4386eSCy Schubert-----END PUBLIC KEY-----
106*e0c4386eSCy Schubert
107*e0c4386eSCy SchubertDigestVerify = SHA384
108*e0c4386eSCy SchubertKey = P-384-PUBLIC
109*e0c4386eSCy SchubertInput = "123400"
110*e0c4386eSCy SchubertOutput = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970
111*e0c4386eSCy Schubert
112*e0c4386eSCy Schubert# Oneshot tests
113*e0c4386eSCy SchubertOneShotDigestVerify = SHA256
114*e0c4386eSCy SchubertKey = P-256-PUBLIC
115*e0c4386eSCy SchubertInput = "Hello World"
116*e0c4386eSCy SchubertOutput = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
117*e0c4386eSCy Schubert
118*e0c4386eSCy Schubert# Test that mdsize != tbssize fails
119*e0c4386eSCy SchubertSign = P-256
120*e0c4386eSCy SchubertCtrl = digest:SHA256
121*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234"
122*e0c4386eSCy SchubertResult = KEYOP_ERROR
123*e0c4386eSCy Schubert
124*e0c4386eSCy SchubertPrivateKey = P-256_NAMED_CURVE_EXPLICIT
125*e0c4386eSCy Schubert-----BEGIN PRIVATE KEY-----
126*e0c4386eSCy SchubertMIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
127*e0c4386eSCy SchubertAAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
128*e0c4386eSCy Schubert///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
129*e0c4386eSCy SchubertAMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
130*e0c4386eSCy Schubert9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
131*e0c4386eSCy SchubertAAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
132*e0c4386eSCy Schubert0BOXUa/4r82DJ30QoupYS/wlilW4gWehRANCAATM0n3q2UaDyaQ7OxzJM3B6prhW
133*e0c4386eSCy Schubert3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
134*e0c4386eSCy Schubert-----END PRIVATE KEY-----
135*e0c4386eSCy Schubert
136*e0c4386eSCy SchubertPrivateKey = EC_EXPLICIT
137*e0c4386eSCy Schubert-----BEGIN PRIVATE KEY-----
138*e0c4386eSCy SchubertMIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
139*e0c4386eSCy SchubertAAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
140*e0c4386eSCy Schubert///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
141*e0c4386eSCy SchubertAMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
142*e0c4386eSCy Schubertl0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
143*e0c4386eSCy SchubertAAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
144*e0c4386eSCy SchubertOjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
145*e0c4386eSCy Schubert46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
146*e0c4386eSCy Schubert-----END PRIVATE KEY-----
147*e0c4386eSCy Schubert
148*e0c4386eSCy SchubertPrivateKey = B-163
149*e0c4386eSCy Schubert-----BEGIN PRIVATE KEY-----
150*e0c4386eSCy SchubertMGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
151*e0c4386eSCy SchubertDnVlDgChLgMsAAQB1qZ00fPIct+QN8skv1XIHtBNp3EGLytJV0tsAUTYtGhtrzRj
152*e0c4386eSCy Schuberte3GzYyg=
153*e0c4386eSCy Schubert-----END PRIVATE KEY-----
154*e0c4386eSCy Schubert
155*e0c4386eSCy SchubertPrivateKey = secp256k1
156*e0c4386eSCy Schubert-----BEGIN PRIVATE KEY-----
157*e0c4386eSCy SchubertMIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgsLpFV9joHc0bisyV53XL
158*e0c4386eSCy SchubertmrG6/Gu6ZaHoXtKP/VFX44ehRANCAARLYWGgp5nP4N8guypLSbYGCVN6ZPCnWW4x
159*e0c4386eSCy SchubertsrYkcpdbxr4neRT3zC62keCKgPbJf5SIHkJ2Tcaw6hVSrBOUFtix
160*e0c4386eSCy Schubert-----END PRIVATE KEY-----
161*e0c4386eSCy Schubert
162*e0c4386eSCy SchubertTitle = FIPS tests
163*e0c4386eSCy Schubert
164*e0c4386eSCy Schubert# Test that a nist curve with < 112 bits is allowed in fips mode for verifying
165*e0c4386eSCy SchubertDigestVerify = SHA256
166*e0c4386eSCy SchubertKey = B-163
167*e0c4386eSCy SchubertInput = "Hello World"
168*e0c4386eSCy SchubertOutput = 302e0215027bb891747468b4b59ca2a2bf8f42d29d08866cf5021502cc311b25e9a2168e42240b07a6071070f687eb3b
169*e0c4386eSCy Schubert
170*e0c4386eSCy Schubert# Test that a nist curve with SHA3 is allowed in fips mode
171*e0c4386eSCy Schubert# The sign will get a mismatch error since the output signature changes on each run
172*e0c4386eSCy SchubertDigestSign = SHA3-512
173*e0c4386eSCy SchubertKey = P-256
174*e0c4386eSCy SchubertInput = "Hello World"
175*e0c4386eSCy SchubertResult = SIGNATURE_MISMATCH
176*e0c4386eSCy Schubert
177*e0c4386eSCy Schubert# Test that a explicit curve that is a named curve is allowed in fips mode
178*e0c4386eSCy SchubertDigestVerify = SHA256
179*e0c4386eSCy SchubertKey = P-256_NAMED_CURVE_EXPLICIT
180*e0c4386eSCy SchubertInput = "Hello World"
181*e0c4386eSCy SchubertOutput = 30450220796fcf472882ed5779226dcd0217b9d2b9acfe4fa2fb0109c8ee63c63adc1033022100e306c69f7e31b9a5d54eb12ba813cddf4de4af933e4f6cea38a0817d9d831d91
182*e0c4386eSCy Schubert
183*e0c4386eSCy SchubertTitle = FIPS Negative tests (using different curves and digests)
184*e0c4386eSCy Schubert
185*e0c4386eSCy Schubert# Test that a explicit curve is not allowed in fips mode
186*e0c4386eSCy SchubertAvailablein = fips
187*e0c4386eSCy SchubertDigestVerify = SHA256
188*e0c4386eSCy SchubertSecuritycheck = 1
189*e0c4386eSCy SchubertKey = EC_EXPLICIT
190*e0c4386eSCy SchubertInput = "Hello World"
191*e0c4386eSCy SchubertResult = DIGESTVERIFYINIT_ERROR
192*e0c4386eSCy Schubert
193*e0c4386eSCy Schubert# Test that a curve with < 112 bits is not allowed in fips mode for signing
194*e0c4386eSCy SchubertAvailablein = fips
195*e0c4386eSCy SchubertDigestSign = SHA3-512
196*e0c4386eSCy SchubertSecuritycheck = 1
197*e0c4386eSCy SchubertKey = B-163
198*e0c4386eSCy SchubertInput = "Hello World"
199*e0c4386eSCy SchubertResult = DIGESTSIGNINIT_ERROR
200*e0c4386eSCy Schubert
201*e0c4386eSCy Schubert# Test that a non nist curve is not allowed in fips mode
202*e0c4386eSCy SchubertAvailablein = fips
203*e0c4386eSCy SchubertDigestSign = SHA3-512
204*e0c4386eSCy SchubertSecuritycheck = 1
205*e0c4386eSCy SchubertKey = secp256k1
206*e0c4386eSCy SchubertInput = "Hello World"
207*e0c4386eSCy SchubertResult = DIGESTSIGNINIT_ERROR
208*e0c4386eSCy Schubert
209*e0c4386eSCy Schubert# Test that SHA1 is not allowed in fips mode for signing
210*e0c4386eSCy SchubertAvailablein = fips
211*e0c4386eSCy SchubertDigestSign = SHA1
212*e0c4386eSCy SchubertSecuritycheck = 1
213*e0c4386eSCy SchubertKey = B-163
214*e0c4386eSCy SchubertInput = "Hello World"
215*e0c4386eSCy SchubertResult = DIGESTSIGNINIT_ERROR
216*e0c4386eSCy Schubert
217*e0c4386eSCy Schubert# Test that SHA1 is not allowed in fips mode for signing
218*e0c4386eSCy SchubertAvailablein = fips
219*e0c4386eSCy SchubertSign = P-256
220*e0c4386eSCy SchubertSecuritycheck = 1
221*e0c4386eSCy SchubertCtrl = digest:SHA1
222*e0c4386eSCy SchubertInput = "0123456789ABCDEF1234"
223*e0c4386eSCy SchubertResult = PKEY_CTRL_ERROR
224*e0c4386eSCy Schubert
225*e0c4386eSCy Schubert# Invalid non-approved digest
226*e0c4386eSCy SchubertAvailablein = fips
227*e0c4386eSCy SchubertDigestVerify = MD5
228*e0c4386eSCy SchubertSecuritycheck = 1
229*e0c4386eSCy SchubertKey = P-256-PUBLIC
230*e0c4386eSCy SchubertResult = DIGESTVERIFYINIT_ERROR
231