From 22f0c72b928604cc42c16bf59b9d31f92e4c4be9 Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Tue, 10 Apr 2018 03:53:01 +0300 Subject: [PATCH] [SM2_sign] add minimal EVP_PKEY functionality testing The actual functionality of generating signatures through the `EVP_PKEY` API is completely untested. Current tests under the `EVP_PKEY` API (`test/recipes/30-test_evp_data/evppkey.txt`) only cover `Verify` and `Decrypt`, while encryption and signature generation are tested with ad-hoc clients (`test/sm2crypttest.c`, `test/sm2signtest.c`) that do not call the `EVP_PKEY` interface at all but soon-to-be private functions that bypass it (cf. PR#5895 ). It is my opinion that an ideal solution for the future would consist on enhancing the `test/evp_pkey` facility and syntax to allow tests to take control of the PRNG to inject known nonces and validate the results of `EVP_PKEY` implementations against deterministic known answer tests, but it is probably too late to work on this feature in time for next release. Given that commit b5a85f70d8 highlights some critical bugs in the hook between the `EVP_PKEY` interface and SM2 signature generation and that these defects escaped testing and code review, I think that at least for now it is beneficial to at least add the kind of "bogus" testing provided by this patch: this is a "fake" test as it does only verify that the SM2 `EVP_PKEY` interface is capable of creating a signature without failing, but it does not say anything about the generated signature being valid, nor does it test the functional correctness of the cryptosystem. Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6066) --- test/recipes/30-test_evp_data/evppkey.txt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index 00db26d0f7..6b5045252e 100644 --- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -18388,3 +18388,12 @@ Decrypt = SM2_key1 Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197 Output = "The floofy bunnies hop at midnight" +# This is a "fake" test as it does only verify that the SM2 EVP_PKEY interface +# is capable of creating a signature without failing, but it does not say +# anything about the generated signature being valid, nor does it test the +# correct implementation of the cryptosystem. +Sign = SM2_key1 +Ctrl = digest:SM3 +Input = D7AD397F6FFA5D4F7F11E7217F241607DC30618C236D2C09C1B9EA8FDADEE2E8 +Output = 3045022100f11bf36e75bb304f094fb42a4ca22377d0cc768637c5011cd59fb9ed4b130c98022035545ffe2c2efb3abee4fee661468946d886004fae8ea5311593e48f7fe21b91 +Result = KEYOP_MISMATCH -- 2.25.1