1#
2# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9# Tests start with one of these keywords
10#       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
11#       PrivPubKeyPair Sign Verify VerifyRecover
12# and continue until a blank line. Lines starting with a pound sign are ignored.
13# The keyword Availablein must appear before the test name if needed.
14
15# Public key algorithm tests
16
17# Private keys used for PKEY operations.
18
19# EC P-256 key
20
21PrivateKey=P-256
22-----BEGIN PRIVATE KEY-----
23MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiocvtiiTxNH/xbnw
24+RdYBp+DUuCPoFpJ+NuSbLVyhyWhRANCAAQsFQ9CnOcPIWwlLPXgYs4fY5zV0WXH
25+JQkBywnGX14szuSDpXNtmTpkNzwz+oNlOKo5q+dDlgFbmUxBJJbn+bJ
26-----END PRIVATE KEY-----
27
28# EC public key for above
29
30PublicKey=P-256-PUBLIC
31-----BEGIN PUBLIC KEY-----
32MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELBUPQpznDyFsJSz14GLOH2Oc1dFl
33x/iUJAcsJxl9eLM7kg6VzbZk6ZDc8M/qDZTiqOavnQ5YBW5lMQSSW5/myQ==
34-----END PUBLIC KEY-----
35
36PrivPubKeyPair = P-256:P-256-PUBLIC
37
38Title = ECDSA tests
39
40Verify = P-256
41Ctrl = digest:SHA1
42Input = "0123456789ABCDEF1234"
43Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
44
45# Digest too long
46Verify = P-256
47Ctrl = digest:SHA1
48Input = "0123456789ABCDEF12345"
49Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
50Result = VERIFY_ERROR
51
52# Digest too short
53Verify = P-256
54Ctrl = digest:SHA1
55Input = "0123456789ABCDEF123"
56Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
57Result = VERIFY_ERROR
58
59# Digest invalid
60Verify = P-256
61Ctrl = digest:SHA1
62Input = "0123456789ABCDEF1235"
63Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
64Result = VERIFY_ERROR
65
66# Invalid signature
67Verify = P-256
68Ctrl = digest:SHA1
69Input = "0123456789ABCDEF1234"
70Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec7
71Result = VERIFY_ERROR
72
73# Garbage after signature
74Availablein = default
75Verify = P-256
76Ctrl = digest:SHA1
77Input = "0123456789ABCDEF1234"
78Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec800
79Result = VERIFY_ERROR
80
81# BER signature
82Verify = P-256
83Ctrl = digest:SHA1
84Input = "0123456789ABCDEF1234"
85Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
86Result = VERIFY_ERROR
87
88Verify = P-256-PUBLIC
89Ctrl = digest:SHA1
90Input = "0123456789ABCDEF1234"
91Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
92
93Title = DigestSign and DigestVerify
94
95DigestVerify = SHA256
96Key = P-256-PUBLIC
97Input = "Hello World"
98Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
99
100PublicKey=P-384-PUBLIC
101-----BEGIN PUBLIC KEY-----
102MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAES/TlL5WEJ+u1kV+4yVlVUbTTo/2rZ7rd
103nWwwk/QlukNjDfcfQvDrfOqpTZ9kSKhd0wMxWIJJ/S/cCzCex+2EgbwW8ngAwT19
104twD8guGxyFRaoMDTtW47/nifwYqRaIfC
105-----END PUBLIC KEY-----
106
107DigestVerify = SHA384
108Key = P-384-PUBLIC
109Input = "123400"
110Output = 304d0218389cb27e0bc8d21fa7e5f24cb74f58851313e696333ad68b023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970
111
112# Oneshot tests
113OneShotDigestVerify = SHA256
114Key = P-256-PUBLIC
115Input = "Hello World"
116Output = 3046022100e7515177ec3817b77a4a94066ab3070817b7aa9d44a8a09f040da250116e8972022100ba59b0f631258e59a9026be5d84f60685f4cf22b9165a0c2736d5c21c8ec1862
117
118# Test that mdsize != tbssize fails
119Sign = P-256
120Ctrl = digest:SHA256
121Input = "0123456789ABCDEF1234"
122Result = KEYOP_ERROR
123
124PrivateKey = P-256_NAMED_CURVE_EXPLICIT
125-----BEGIN PRIVATE KEY-----
126MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
127AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
128///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
129AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
1309KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
131AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
1320BOXUa/4r82DJ30QoupYS/wlilW4gWehRANCAATM0n3q2UaDyaQ7OxzJM3B6prhW
1333ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
134-----END PRIVATE KEY-----
135
136PrivateKey = EC_EXPLICIT
137-----BEGIN PRIVATE KEY-----
138MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
139AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
140///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
141AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
142l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
143AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
144OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
14546dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
146-----END PRIVATE KEY-----
147
148PrivateKey = B-163
149-----BEGIN PRIVATE KEY-----
150MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
151DnVlDgChLgMsAAQB1qZ00fPIct+QN8skv1XIHtBNp3EGLytJV0tsAUTYtGhtrzRj
152e3GzYyg=
153-----END PRIVATE KEY-----
154
155PrivateKey = secp256k1
156-----BEGIN PRIVATE KEY-----
157MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgsLpFV9joHc0bisyV53XL
158mrG6/Gu6ZaHoXtKP/VFX44ehRANCAARLYWGgp5nP4N8guypLSbYGCVN6ZPCnWW4x
159srYkcpdbxr4neRT3zC62keCKgPbJf5SIHkJ2Tcaw6hVSrBOUFtix
160-----END PRIVATE KEY-----
161
162Title = FIPS tests
163
164# Test that a nist curve with < 112 bits is allowed in fips mode for verifying
165DigestVerify = SHA256
166Key = B-163
167Input = "Hello World"
168Output = 302e0215027bb891747468b4b59ca2a2bf8f42d29d08866cf5021502cc311b25e9a2168e42240b07a6071070f687eb3b
169
170# Test that a nist curve with SHA3 is allowed in fips mode
171# The sign will get a mismatch error since the output signature changes on each run
172DigestSign = SHA3-512
173Key = P-256
174Input = "Hello World"
175Result = SIGNATURE_MISMATCH
176
177# Test that a explicit curve that is a named curve is allowed in fips mode
178DigestVerify = SHA256
179Key = P-256_NAMED_CURVE_EXPLICIT
180Input = "Hello World"
181Output = 30450220796fcf472882ed5779226dcd0217b9d2b9acfe4fa2fb0109c8ee63c63adc1033022100e306c69f7e31b9a5d54eb12ba813cddf4de4af933e4f6cea38a0817d9d831d91
182
183Title = FIPS Negative tests (using different curves and digests)
184
185# Test that a explicit curve is not allowed in fips mode
186Availablein = fips
187DigestVerify = SHA256
188Securitycheck = 1
189Key = EC_EXPLICIT
190Input = "Hello World"
191Result = DIGESTVERIFYINIT_ERROR
192
193# Test that a curve with < 112 bits is not allowed in fips mode for signing
194Availablein = fips
195DigestSign = SHA3-512
196Securitycheck = 1
197Key = B-163
198Input = "Hello World"
199Result = DIGESTSIGNINIT_ERROR
200
201# Test that a non nist curve is not allowed in fips mode
202Availablein = fips
203DigestSign = SHA3-512
204Securitycheck = 1
205Key = secp256k1
206Input = "Hello World"
207Result = DIGESTSIGNINIT_ERROR
208
209# Test that SHA1 is not allowed in fips mode for signing
210Availablein = fips
211DigestSign = SHA1
212Securitycheck = 1
213Key = B-163
214Input = "Hello World"
215Result = DIGESTSIGNINIT_ERROR
216
217# Test that SHA1 is not allowed in fips mode for signing
218Availablein = fips
219Sign = P-256
220Securitycheck = 1
221Ctrl = digest:SHA1
222Input = "0123456789ABCDEF1234"
223Result = PKEY_CTRL_ERROR
224
225# Invalid non-approved digest
226Availablein = fips
227DigestVerify = MD5
228Securitycheck = 1
229Key = P-256-PUBLIC
230Result = DIGESTVERIFYINIT_ERROR
231