int test_d2i_ECPrivateKey(void) {
int len, ret = 0;
uint8_t *out = NULL, *outp;
const uint8_t *inp;
EC_KEY *key = NULL;
BIGNUM *x = NULL, *y = NULL;
const EC_POINT *public;
char *x_hex = NULL, *y_hex = NULL;
inp = kECKeyWithoutPublic;
key = d2i_ECPrivateKey(NULL, &inp, sizeof(kECKeyWithoutPublic));
if (key == NULL || inp != kECKeyWithoutPublic + sizeof(kECKeyWithoutPublic)) {
fprintf(stderr, "Failed to parse private key.\n");
BIO_print_errors_fp(stderr);
goto out;
}
len = i2d_ECPrivateKey(key, NULL);
out = malloc(len);
outp = out;
if (len != i2d_ECPrivateKey(key, &outp)) {
fprintf(stderr, "Failed to serialize private key.\n");
BIO_print_errors_fp(stderr);
goto out;
}
if (0 != memcmp(out, kECKeyWithoutPublic, len)) {
fprintf(stderr, "Serialisation of key doesn't match original.\n");
goto out;
}
public = EC_KEY_get0_public_key(key);
static int test_d2i_AutoPrivateKey(const uint8_t *input, size_t input_len,
int expected_id) {
int ret = 0;
const uint8_t *p;
EVP_PKEY *pkey = NULL;
p = input;
pkey = d2i_AutoPrivateKey(NULL, &p, input_len);
if (pkey == NULL || p != input + input_len) {
fprintf(stderr, "d2i_AutoPrivateKey failed\n");
goto done;
}
if (EVP_PKEY_id(pkey) != expected_id) {
fprintf(stderr, "Did not decode expected type\n");
goto done;
}
ret = 1;
done:
if (!ret) {
BIO_print_errors_fp(stderr);
}
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
return ret;
}
static int test_EVP_DigestVerifyInit(void) {
int ret = 0;
EVP_PKEY *pkey = NULL;
EVP_MD_CTX md_ctx;
EVP_MD_CTX_init(&md_ctx);
pkey = load_example_rsa_key();
if (pkey == NULL ||
!EVP_DigestVerifyInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
!EVP_DigestVerifyUpdate(&md_ctx, kMsg, sizeof(kMsg)) ||
!EVP_DigestVerifyFinal(&md_ctx, kSignature, sizeof(kSignature))) {
goto out;
}
ret = 1;
out:
if (!ret) {
BIO_print_errors_fp(stderr);
}
EVP_MD_CTX_cleanup(&md_ctx);
if (pkey) {
EVP_PKEY_free(pkey);
}
return ret;
}
static int test_EVP_DigestVerifyInitFromAlgorithm(void) {
int ret = 0;
CBS cert, cert_body, tbs_cert, algorithm, signature;
uint8_t padding;
X509_ALGOR *algor = NULL;
const uint8_t *derp;
EVP_PKEY *pkey = NULL;
EVP_MD_CTX md_ctx;
EVP_MD_CTX_init(&md_ctx);
CBS_init(&cert, kExamplePSSCert, sizeof(kExamplePSSCert));
if (!CBS_get_asn1(&cert, &cert_body, CBS_ASN1_SEQUENCE) ||
CBS_len(&cert) != 0 ||
!CBS_get_any_asn1_element(&cert_body, &tbs_cert, NULL, NULL) ||
!CBS_get_asn1_element(&cert_body, &algorithm, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&cert_body, &signature, CBS_ASN1_BITSTRING) ||
CBS_len(&cert_body) != 0) {
fprintf(stderr, "Failed to parse certificate\n");
goto out;
}
/* Signatures are BIT STRINGs, but they have are multiple of 8 bytes, so the
leading phase byte is just a zero. */
if (!CBS_get_u8(&signature, &padding) || padding != 0) {
fprintf(stderr, "Invalid signature padding\n");
goto out;
}
derp = CBS_data(&algorithm);
if (!d2i_X509_ALGOR(&algor, &derp, CBS_len(&algorithm)) ||
derp != CBS_data(&algorithm) + CBS_len(&algorithm)) {
fprintf(stderr, "Failed to parse algorithm\n");
}
pkey = load_example_rsa_key();
if (pkey == NULL ||
!EVP_DigestVerifyInitFromAlgorithm(&md_ctx, algor, pkey) ||
!EVP_DigestVerifyUpdate(&md_ctx, CBS_data(&tbs_cert),
CBS_len(&tbs_cert)) ||
!EVP_DigestVerifyFinal(&md_ctx, CBS_data(&signature),
CBS_len(&signature))) {
goto out;
}
ret = 1;
out:
if (!ret) {
BIO_print_errors_fp(stderr);
}
EVP_MD_CTX_cleanup(&md_ctx);
if (pkey) {
EVP_PKEY_free(pkey);
}
return ret;
}
static int test_EVP_DigestSignInit(void) {
int ret = 0;
EVP_PKEY *pkey = NULL;
uint8_t *sig = NULL;
size_t sig_len = 0;
EVP_MD_CTX md_ctx, md_ctx_verify;
EVP_MD_CTX_init(&md_ctx);
EVP_MD_CTX_init(&md_ctx_verify);
pkey = load_example_rsa_key();
if (pkey == NULL ||
!EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, pkey) ||
!EVP_DigestSignUpdate(&md_ctx, kMsg, sizeof(kMsg))) {
goto out;
}
/* Determine the size of the signature. */
if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) {
goto out;
}
/* Sanity check for testing. */
if (sig_len != EVP_PKEY_size(pkey)) {
fprintf(stderr, "sig_len mismatch\n");
goto out;
}
sig = malloc(sig_len);
if (sig == NULL || !EVP_DigestSignFinal(&md_ctx, sig, &sig_len)) {
goto out;
}
/* Ensure that the signature round-trips. */
if (!EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) ||
!EVP_DigestVerifyUpdate(&md_ctx_verify, kMsg, sizeof(kMsg)) ||
!EVP_DigestVerifyFinal(&md_ctx_verify, sig, sig_len)) {
goto out;
}
ret = 1;
out:
if (!ret) {
BIO_print_errors_fp(stderr);
}
EVP_MD_CTX_cleanup(&md_ctx);
EVP_MD_CTX_cleanup(&md_ctx_verify);
if (pkey) {
EVP_PKEY_free(pkey);
}
if (sig) {
free(sig);
}
return ret;
}
static int test_EVP_DigestSignAlgorithm(void) {
int ret = 0;
EVP_PKEY *pkey = NULL;
EVP_MD_CTX md_ctx;
EVP_PKEY_CTX *pkey_ctx;
EVP_MD_CTX_init(&md_ctx);
pkey = load_example_rsa_key();
if (pkey == NULL) {
goto out;
}
/* Test a simple AlgorithmIdentifier. */
if (!EVP_DigestSignInit(&md_ctx, &pkey_ctx, EVP_sha256(), NULL, pkey) ||
!test_algorithm_roundtrip(&md_ctx, pkey)) {
fprintf(stderr, "RSA with SHA-256 failed\n");
goto out;
}
EVP_MD_CTX_cleanup(&md_ctx);
EVP_MD_CTX_init(&md_ctx);
/* Test RSA-PSS with custom parameters. */
if (!EVP_DigestSignInit(&md_ctx, &pkey_ctx, EVP_sha256(), NULL, pkey) ||
!EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
!EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, EVP_sha512()) ||
!test_algorithm_roundtrip(&md_ctx, pkey)) {
fprintf(stderr, "RSA-PSS failed\n");
goto out;
}
ret = 1;
out:
if (!ret) {
BIO_print_errors_fp(stderr);
}
EVP_MD_CTX_cleanup(&md_ctx);
if (pkey) {
EVP_PKEY_free(pkey);
}
return ret;
}
static int test_socket_connect(void) {
int listening_sock = socket(AF_INET, SOCK_STREAM, 0);
int sock;
struct sockaddr_in sin;
socklen_t sockaddr_len = sizeof(sin);
static const char kTestMessage[] = "test";
char hostname[80], buf[5];
BIO *bio;
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) {
print_socket_error("inet_pton");
return 0;
}
if (bind(listening_sock, (struct sockaddr *)&sin, sizeof(sin)) != 0) {
print_socket_error("bind");
return 0;
}
if (listen(listening_sock, 1)) {
print_socket_error("listen");
return 0;
}
if (getsockname(listening_sock, (struct sockaddr *)&sin, &sockaddr_len) ||
sockaddr_len != sizeof(sin)) {
print_socket_error("getsockname");
return 0;
}
BIO_snprintf(hostname, sizeof(hostname), "%s:%d", "127.0.0.1",
ntohs(sin.sin_port));
bio = BIO_new_connect(hostname);
if (!bio) {
fprintf(stderr, "BIO_new_connect failed.\n");
return 0;
}
if (BIO_write(bio, kTestMessage, sizeof(kTestMessage)) !=
sizeof(kTestMessage)) {
fprintf(stderr, "BIO_write failed.\n");
BIO_print_errors_fp(stderr);
return 0;
}
sock = accept(listening_sock, (struct sockaddr *) &sin, &sockaddr_len);
if (sock < 0) {
print_socket_error("accept");
return 0;
}
if (recv(sock, buf, sizeof(buf), 0) != sizeof(kTestMessage)) {
print_socket_error("read");
return 0;
}
if (memcmp(buf, kTestMessage, sizeof(kTestMessage))) {
return 0;
}
closesocket(sock);
closesocket(listening_sock);
BIO_free(bio);
return 1;
}
