From 6ae5543c5f8476f4cae9c00209ef062746bbfd3c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 18 Nov 2019 02:30:50 +0100 Subject: [PATCH] TEST: add tests of text and PEM printout of a provider made key This renames test/evp_fromdata_test.c to test/evp_pkey_provided_test.c, to encourage additional testing of provider made keys. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/10394) --- test/build.info | 8 +- test/evp_fromdata_test.c | 87 -------- test/evp_pkey_provided_test.c | 196 ++++++++++++++++++ ...fromdata.t => 30-test_evp_pkey_provided.t} | 2 +- 4 files changed, 201 insertions(+), 92 deletions(-) delete mode 100644 test/evp_fromdata_test.c create mode 100644 test/evp_pkey_provided_test.c rename test/recipes/{30-test_evp_fromdata.t => 30-test_evp_pkey_provided.t} (87%) diff --git a/test/build.info b/test/build.info index e17e1b5984..944702128c 100644 --- a/test/build.info +++ b/test/build.info @@ -39,7 +39,7 @@ IF[{- !$disabled{tests} -}] destest mdc2test \ dhtest enginetest casttest \ bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \ - evp_fromdata_test evp_test evp_extra_test evp_fetch_prov_test \ + evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \ igetest v3nametest v3ext \ crltest danetest bad_dtls_test lhash_test sparse_array_test \ conf_include_test params_api_test params_conversion_test \ @@ -210,9 +210,9 @@ IF[{- !$disabled{tests} -}] DEFINE[evp_extra_test]=NO_FIPS_MODULE ENDIF - SOURCE[evp_fromdata_test]=evp_fromdata_test.c - INCLUDE[evp_fromdata_test]=../include ../apps/include - DEPEND[evp_fromdata_test]=../libcrypto libtestutil.a + SOURCE[evp_pkey_provided_test]=evp_pkey_provided_test.c + INCLUDE[evp_pkey_provided_test]=../include ../apps/include + DEPEND[evp_pkey_provided_test]=../libcrypto libtestutil.a SOURCE[igetest]=igetest.c INCLUDE[igetest]=../include ../apps/include 
diff --git a/test/evp_fromdata_test.c b/test/evp_fromdata_test.c
deleted file mode 100644
index 74da50d3d3..0000000000
--- a/test/evp_fromdata_test.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include
-#include
-#include
-#include
-#include "internal/nelem.h"
-#include "crypto/evp.h" /* For the internal API */
-#include "testutil.h"
-
-/* Array indexes used in test_fromdata_rsa */
-#define N 0
-#define E 1
-#define D 2
-#define P 3
-#define Q 4
-#define DP 5
-#define DQ 6
-#define QINV 7
-
-static int test_fromdata_rsa(void)
-{
- int ret = 0;
- EVP_PKEY_CTX *ctx = NULL;
- EVP_PKEY *pk = NULL;
- /*
- * 32-bit RSA key, extracted from this command,
- * executed with OpenSSL 1.0.2:
- *
- * openssl genrsa 32 | openssl rsa -text
- */
- static unsigned long key_numbers[] = {
- 0xbc747fc5, /* N */
- 0x10001, /* E */
- 0x7b133399, /* D */
- 0xe963, /* P */
- 0xceb7, /* Q */
- 0x8599, /* DP */
- 0xbd87, /* DQ */
- 0xcc3b, /* QINV */
- };
- OSSL_PARAM fromdata_params[] = {
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[P]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[Q]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DP]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DQ]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT, &key_numbers[QINV]),
- OSSL_PARAM_END
- };
-
- if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_provided(NULL, "RSA", NULL)))
- goto err;
-
- if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
- || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
- goto err;
-
- /*
- * TODO(3.0) We can't do much more at this point without using internals,
- * because RSA functionality is still missing. When the time comes, it
- * would be nice to try and do something "useful" with this key, such
- * as signing a small piece of data.
- */
- ret = 1;
-
- err:
- EVP_PKEY_free(pk);
- EVP_PKEY_CTX_free(ctx);
-
- return ret;
-}
-
-int setup_tests(void)
-{
- ADD_TEST(test_fromdata_rsa);
- return 1;
-}
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
new file mode 100644
index 0000000000..6dcd0fe701
--- /dev/null
+++ b/test/evp_pkey_provided_test.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include "internal/nelem.h"
+#include "crypto/evp.h" /* For the internal API */
+#include "testutil.h"
+
+static int test_print_key_using_pem(const EVP_PKEY *pk)
+{
+ if (!TEST_true(EVP_PKEY_print_private(bio_out, pk, 0, NULL))
+ /* Public key in PEM form */
+ || !TEST_true(PEM_write_bio_PUBKEY(bio_out, pk))
+ /* Unencrypted private key in PEM form */
+ || !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk,
+ NULL, NULL, 0, NULL, NULL))
+ /* Encrypted private key in PEM form */
+ || !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
+ (unsigned char *)"pass", 4,
+ NULL, NULL)))
+ return 0;
+
+ return 1;
+}
+
+static int test_print_key_using_serializer(const EVP_PKEY *pk)
+{
+ const char *pq = OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ;
+ OSSL_SERIALIZER_CTX *ctx = NULL;
+ int ret = 1;
+
+ /* Make a context, it's valid for several prints */
+ TEST_note("Setting up a OSSL_SERIALIZER context with passphrase");
+ if (!TEST_ptr(ctx = OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(pk, pq))
+ /* Check that this operation is supported */
+ || !TEST_ptr(OSSL_SERIALIZER_CTX_get_serializer(ctx))
+ /* Set a passphrase to be used later */
+ || !TEST_true(OSSL_SERIALIZER_CTX_set_passphrase(ctx,
+ (unsigned char *)"pass",
+ 4)))
+ goto err;
+
+ /* Use no cipher. This should give us an unencrypted PEM */
+ TEST_note("Displaying PEM with no encryption");
+ if (!TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
+ ret = 0;
+
+ /* Use a valid cipher name */
+ TEST_note("Displaying PEM encrypted with AES-256-CBC");
+ if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
+ || !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
+ ret = 0;
+
+ /* Use an invalid cipher name, which should generate no output */
+ TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
+ if (!TEST_false(OSSL_SERIALIZER_CTX_set_cipher(ctx, "FOO", NULL))
+ || !TEST_false(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
+ ret = 0;
+
+ /* Clear the cipher. This should give us an unencrypted PEM again */
+ TEST_note("Displaying PEM with encryption cleared (no encryption)");
+ if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, NULL, NULL))
+ || !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
+ ret = 0;
+
+err:
+ OSSL_SERIALIZER_CTX_free(ctx);
+ return ret;
+}
+
+/* Array indexes used in test_fromdata_rsa */
+#define N 0
+#define E 1
+#define D 2
+#define P 3
+#define Q 4
+#define DP 5
+#define DQ 6
+#define QINV 7
+
+static int test_fromdata_rsa(void)
+{
+ int ret = 0;
+ EVP_PKEY_CTX *ctx = NULL;
+ EVP_PKEY *pk = NULL;
+ /*
+ * 32-bit RSA key, extracted from this command,
+ * executed with OpenSSL 1.0.2:
+ *
+ * openssl genrsa 32 | openssl rsa -text
+ */
+ static unsigned long key_numbers[] = {
+ 0xbc747fc5, /* N */
+ 0x10001, /* E */
+ 0x7b133399, /* D */
+ 0xe963, /* P */
+ 0xceb7, /* Q */
+ 0x8599, /* DP */
+ 0xbd87, /* DQ */
+ 0xcc3b, /* QINV */
+ };
+ OSSL_PARAM fromdata_params[] = {
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[P]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[Q]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DP]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DQ]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT, &key_numbers[QINV]),
+ OSSL_PARAM_END
+ };
+
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_provided(NULL, "RSA", NULL)))
+ goto err;
+
+ if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
+ goto err;
+
+ ret = test_print_key_using_pem(pk)
+ | test_print_key_using_serializer(pk);
+
+ err:
+ EVP_PKEY_free(pk);
+ EVP_PKEY_CTX_free(ctx);
+
+ return ret;
+}
+
+/* Array indexes used in test_fromdata_dh */
+#define PRIV_KEY 0
+#define PUB_KEY 1
+#define FFC_P 2
+#define FFC_G 3
+
+static int test_fromdata_dh(void)
+{
+ int ret = 0;
+ EVP_PKEY_CTX *ctx = NULL;
+ EVP_PKEY *pk = NULL;
+ /*
+ * 32-bit DH key, extracted from this command,
+ * executed with OpenSSL 1.0.2:
+ *
+ * openssl dhparam -out dhp.pem 32
+ * openssl genpkey -paramfile dhp.pem | openssl pkey -text
+ */
+ static unsigned long key_numbers[] = {
+ 0x666c2b06, /* priv-key */
+ 0x6fa6de50, /* pub-key */
+ 0x8bb45f53, /* P */
+ 0x2, /* G */
+ };
+ OSSL_PARAM fromdata_params[] = {
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PRIV_KEY, &key_numbers[PRIV_KEY]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PUB_KEY, &key_numbers[PUB_KEY]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_P, &key_numbers[FFC_P]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_G, &key_numbers[FFC_G]),
+ OSSL_PARAM_END
+ };
+
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_provided(NULL, "DH", NULL)))
+ goto err;
+
+ if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
+ goto err;
+
+ ret = test_print_key_using_pem(pk)
+ | test_print_key_using_serializer(pk);
+
+ err:
+ EVP_PKEY_free(pk);
+ EVP_PKEY_CTX_free(ctx);
+
+ return ret;
+}
+
+int setup_tests(void)
+{
+ ADD_TEST(test_fromdata_rsa);
+ ADD_TEST(test_fromdata_dh);
+ return 1;
+}
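Review bot: In `test_fromdata_rsa` and `test_fromdata_dh` the two printout helpers are combined with a bitwise OR, so `ret` is 1 when either one succeeds and a failure in the other does not fail the test; use `ret = test_print_key_using_pem(pk) & test_print_key_using_serializer(pk);` (both helpers still run) or `&&`. `test_print_key_using_serializer` masks failures the same way on its setup path: `ret` is initialised to 1 and the first `goto err` never clears it, so a failed `OSSL_SERIALIZER_CTX_new_by_EVP_PKEY`, `OSSL_SERIALIZER_CTX_get_serializer` or `OSSL_SERIALIZER_CTX_set_passphrase` still returns 1; set `ret = 0;` before that `goto err`. The encrypted cases assert only the call's return value, so a regression that wrote the private key in clear while a cipher was set would presumably still pass; serialising to a memory BIO and checking that the result is an encrypted PEM block would cover that.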
diff --git a/test/recipes/30-test_evp_fromdata.t b/test/recipes/30-test_evp_pkey_provided.t similarity index 87% rename from test/recipes/30-test_evp_fromdata.t rename to test/recipes/30-test_evp_pkey_provided.t index 0662de4cdd..669438caed 100644 --- a/test/recipes/30-test_evp_fromdata.t +++ b/test/recipes/30-test_evp_pkey_provided.t @@ -10,4 +10,4 @@ use OpenSSL::Test::Simple; -simple_test("test_evp_fromdata", "evp_fromdata_test"); +simple_test("test_evp_pkey_provided", "evp_pkey_provided_test"); -- 2.25.1