TEST: add tests of text and PEM printout of a provider made key

This renames test/evp_fromdata_test.c to test/evp_pkey_provided_test.c, to encourage additional testing of provider made keys. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10394)
2025-04-29 03:04:37 +00:00 · 2019-11-18 02:30:50 +01:00 · 2019-11-18 02:30:50 +01:00 · 6ae5543c5f
commit 6ae5543c5f
parent 264b789bc2
4 changed files with 201 additions and 92 deletions
--- a/test/build.info
+++ b/test/build.info
@ -39,7 +39,7 @@ IF[{- !$disabled{tests} -}]
          destest mdc2test \
          dhtest enginetest casttest \
          bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
-          evp_fromdata_test evp_test evp_extra_test evp_fetch_prov_test \
+          evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
          igetest v3nametest v3ext \
          crltest danetest bad_dtls_test lhash_test sparse_array_test \
          conf_include_test params_api_test params_conversion_test \
@ -210,9 +210,9 @@ IF[{- !$disabled{tests} -}]
    DEFINE[evp_extra_test]=NO_FIPS_MODULE
  ENDIF

-  SOURCE[evp_fromdata_test]=evp_fromdata_test.c
-  INCLUDE[evp_fromdata_test]=../include ../apps/include
-  DEPEND[evp_fromdata_test]=../libcrypto libtestutil.a
+  SOURCE[evp_pkey_provided_test]=evp_pkey_provided_test.c
+  INCLUDE[evp_pkey_provided_test]=../include ../apps/include
+  DEPEND[evp_pkey_provided_test]=../libcrypto libtestutil.a

  SOURCE[igetest]=igetest.c
  INCLUDE[igetest]=../include ../apps/include
--- a/test/evp_fromdata_test.c
+++ b/test/evp_fromdata_test.c
@ -1,87 +0,0 @@
-/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/evp.h>
-#include <openssl/provider.h>
-#include <openssl/params.h>
-#include <openssl/core_names.h>
-#include "internal/nelem.h"
-#include "crypto/evp.h"          /* For the internal API */
-#include "testutil.h"
-
-/* Array indexes used in test_fromdata_rsa */
-#define N       0
-#define E       1
-#define D       2
-#define P       3
-#define Q       4
-#define DP      5
-#define DQ      6
-#define QINV    7
-
-static int test_fromdata_rsa(void)
-{
-    int ret = 0;
-    EVP_PKEY_CTX *ctx = NULL;
-    EVP_PKEY *pk = NULL;
-    /*
-     * 32-bit RSA key, extracted from this command,
-     * executed with OpenSSL 1.0.2:
-     *
-     * openssl genrsa 32 | openssl rsa -text
-     */
-    static unsigned long key_numbers[] = {
-        0xbc747fc5,              /* N */
-        0x10001,                 /* E */
-        0x7b133399,              /* D */
-        0xe963,                  /* P */
-        0xceb7,                  /* Q */
-        0x8599,                  /* DP */
-        0xbd87,                  /* DQ */
-        0xcc3b,                  /* QINV */
-    };
-    OSSL_PARAM fromdata_params[] = {
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[P]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[Q]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DP]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DQ]),
-        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT, &key_numbers[QINV]),
-        OSSL_PARAM_END
-    };
-
-    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_provided(NULL, "RSA", NULL)))
-        goto err;
-
-    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
-        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
-        goto err;
-
-    /*
-     * TODO(3.0) We can't do much more at this point without using internals,
-     * because RSA functionality is still missing.  When the time comes, it
-     * would be nice to try and do something "useful" with this key, such
-     * as signing a small piece of data.
-     */
-    ret = 1;
-
- err:
-    EVP_PKEY_free(pk);
-    EVP_PKEY_CTX_free(ctx);
-
-    return ret;
-}
-
-int setup_tests(void)
-{
-    ADD_TEST(test_fromdata_rsa);
-    return 1;
-}
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@ -0,0 +1,196 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/serializer.h>
+#include <openssl/provider.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+#include "internal/nelem.h"
+#include "crypto/evp.h"          /* For the internal API */
+#include "testutil.h"
+
+static int test_print_key_using_pem(const EVP_PKEY *pk)
+{
+    if (!TEST_true(EVP_PKEY_print_private(bio_out, pk, 0, NULL))
+        /* Public key in PEM form */
+        || !TEST_true(PEM_write_bio_PUBKEY(bio_out, pk))
+        /* Unencrypted private key in PEM form */
+        || !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk,
+                                               NULL, NULL, 0, NULL, NULL))
+        /* Encrypted private key in PEM form */
+        || !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
+                                               (unsigned char *)"pass", 4,
+                                               NULL, NULL)))
+        return 0;
+
+    return 1;
+}
+
+static int test_print_key_using_serializer(const EVP_PKEY *pk)
+{
+    const char *pq = OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ;
+    OSSL_SERIALIZER_CTX *ctx = NULL;
+    int ret = 1;
+
+    /* Make a context, it's valid for several prints */
+    TEST_note("Setting up a OSSL_SERIALIZER context with passphrase");
+    if (!TEST_ptr(ctx = OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(pk, pq))
+        /* Check that this operation is supported */
+        || !TEST_ptr(OSSL_SERIALIZER_CTX_get_serializer(ctx))
+        /* Set a passphrase to be used later */
+        || !TEST_true(OSSL_SERIALIZER_CTX_set_passphrase(ctx,
+                                                         (unsigned char *)"pass",
+                                                         4)))
+        goto err;
+
+    /* Use no cipher.  This should give us an unencrypted PEM */
+    TEST_note("Displaying PEM with no encryption");
+    if (!TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
+        ret = 0;
+
+    /* Use a valid cipher name */
+    TEST_note("Displaying PEM encrypted with AES-256-CBC");
+    if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
+        || !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
+        ret = 0;
+
+    /* Use an invalid cipher name, which should generate no output */
+    TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
+    if (!TEST_false(OSSL_SERIALIZER_CTX_set_cipher(ctx, "FOO", NULL))
+        || !TEST_false(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
+        ret = 0;
+
+    /* Clear the cipher.  This should give us an unencrypted PEM again */
+    TEST_note("Displaying PEM with encryption cleared (no encryption)");
+    if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, NULL, NULL))
+        || !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
+        ret = 0;
+
+err:
+    OSSL_SERIALIZER_CTX_free(ctx);
+    return ret;
+}
+
+/* Array indexes used in test_fromdata_rsa */
+#define N       0
+#define E       1
+#define D       2
+#define P       3
+#define Q       4
+#define DP      5
+#define DQ      6
+#define QINV    7
+
+static int test_fromdata_rsa(void)
+{
+    int ret = 0;
+    EVP_PKEY_CTX *ctx = NULL;
+    EVP_PKEY *pk = NULL;
+    /*
+     * 32-bit RSA key, extracted from this command,
+     * executed with OpenSSL 1.0.2:
+     *
+     * openssl genrsa 32 | openssl rsa -text
+     */
+    static unsigned long key_numbers[] = {
+        0xbc747fc5,              /* N */
+        0x10001,                 /* E */
+        0x7b133399,              /* D */
+        0xe963,                  /* P */
+        0xceb7,                  /* Q */
+        0x8599,                  /* DP */
+        0xbd87,                  /* DQ */
+        0xcc3b,                  /* QINV */
+    };
+    OSSL_PARAM fromdata_params[] = {
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[P]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[Q]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DP]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DQ]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT, &key_numbers[QINV]),
+        OSSL_PARAM_END
+    };
+
+    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_provided(NULL, "RSA", NULL)))
+        goto err;
+
+    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
+        goto err;
+
+    ret = test_print_key_using_pem(pk)
+        | test_print_key_using_serializer(pk);
+
+ err:
+    EVP_PKEY_free(pk);
+    EVP_PKEY_CTX_free(ctx);
+
+    return ret;
+}
+
+/* Array indexes used in test_fromdata_dh */
+#define PRIV_KEY        0
+#define PUB_KEY         1
+#define FFC_P           2
+#define FFC_G           3
+
+static int test_fromdata_dh(void)
+{
+    int ret = 0;
+    EVP_PKEY_CTX *ctx = NULL;
+    EVP_PKEY *pk = NULL;
+    /*
+     * 32-bit DH key, extracted from this command,
+     * executed with OpenSSL 1.0.2:
+     *
+     * openssl dhparam -out dhp.pem 32
+     * openssl genpkey -paramfile dhp.pem | openssl pkey -text
+     */
+    static unsigned long key_numbers[] = {
+        0x666c2b06,              /* priv-key */
+        0x6fa6de50,              /* pub-key */
+        0x8bb45f53,              /* P */
+        0x2,                     /* G */
+    };
+    OSSL_PARAM fromdata_params[] = {
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PRIV_KEY, &key_numbers[PRIV_KEY]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PUB_KEY, &key_numbers[PUB_KEY]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_P, &key_numbers[FFC_P]),
+        OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_G, &key_numbers[FFC_G]),
+        OSSL_PARAM_END
+    };
+
+    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_provided(NULL, "DH", NULL)))
+        goto err;
+
+    if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
+        goto err;
+
+    ret = test_print_key_using_pem(pk)
+        | test_print_key_using_serializer(pk);
+
+ err:
+    EVP_PKEY_free(pk);
+    EVP_PKEY_CTX_free(ctx);
+
+    return ret;
+}
+
+int setup_tests(void)
+{
+    ADD_TEST(test_fromdata_rsa);
+    ADD_TEST(test_fromdata_dh);
+    return 1;
+}
--- a/test/recipes/30-test_evp_pkey_provided.t
+++ b/test/recipes/30-test_evp_pkey_provided.t
@ -10,4 +10,4 @@

 use OpenSSL::Test::Simple;

-simple_test("test_evp_fromdata", "evp_fromdata_test");
+simple_test("test_evp_pkey_provided", "evp_pkey_provided_test");