QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-29 19:24:37 +00:00
Code Issues Projects Releases Wiki Activity

TEST: add tests of text and PEM printout of a provider made key

Browse Source 
This renames test/evp_fromdata_test.c to test/evp_pkey_provided_test.c,
to encourage additional testing of provider made keys.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
This commit is contained in:
Richard Levitte 2019-11-18 02:30:50 +01:00
parent 264b789bc2
commit 6ae5543c5f
4 changed files with 201 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
test/build.info
View File

@ -39,7 +39,7 @@ IF[{- !$disabled{tests} -}]
destest mdc2test \ destest mdc2test \
dhtest enginetest casttest \ dhtest enginetest casttest \
bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \ bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
evp_fromdata_test evp_test evp_extra_test evp_fetch_prov_test \ evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \
igetest v3nametest v3ext \ igetest v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \ crltest danetest bad_dtls_test lhash_test sparse_array_test \
conf_include_test params_api_test params_conversion_test \ conf_include_test params_api_test params_conversion_test \
@ -210,9 +210,9 @@ IF[{- !$disabled{tests} -}]
DEFINE[evp_extra_test]=NO_FIPS_MODULE DEFINE[evp_extra_test]=NO_FIPS_MODULE
ENDIF ENDIF
SOURCE[evp_fromdata_test]=evp_fromdata_test.c SOURCE[evp_pkey_provided_test]=evp_pkey_provided_test.c
INCLUDE[evp_fromdata_test]=../include ../apps/include INCLUDE[evp_pkey_provided_test]=../include ../apps/include
DEPEND[evp_fromdata_test]=../libcrypto libtestutil.a DEPEND[evp_pkey_provided_test]=../libcrypto libtestutil.a
SOURCE[igetest]=igetest.c SOURCE[igetest]=igetest.c
INCLUDE[igetest]=../include ../apps/include INCLUDE[igetest]=../include ../apps/include

87
test/evp_fromdata_test.c
View File

@ -1,87 +0,0 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/evp.h>
#include <openssl/provider.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include "internal/nelem.h"
#include "crypto/evp.h" /* For the internal API */
#include "testutil.h"
/* Array indexes used in test_fromdata_rsa */
#define N 0
#define E 1
#define D 2
#define P 3
#define Q 4
#define DP 5
#define DQ 6
#define QINV 7
static int test_fromdata_rsa(void)
{
int ret = 0;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pk = NULL;
/*
* 32-bit RSA key, extracted from this command,
* executed with OpenSSL 1.0.2:
*
* openssl genrsa 32 | openssl rsa -text
*/
static unsigned long key_numbers[] = {
0xbc747fc5, /* N */
0x10001, /* E */
0x7b133399, /* D */
0xe963, /* P */
0xceb7, /* Q */
0x8599, /* DP */
0xbd87, /* DQ */
0xcc3b, /* QINV */
};
OSSL_PARAM fromdata_params[] = {
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[P]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[Q]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DP]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DQ]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT, &key_numbers[QINV]),
OSSL_PARAM_END
};
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_provided(NULL, "RSA", NULL)))
goto err;
if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
|| !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
goto err;
/*
* TODO(3.0) We can't do much more at this point without using internals,
* because RSA functionality is still missing. When the time comes, it
* would be nice to try and do something "useful" with this key, such
* as signing a small piece of data.
*/
ret = 1;
err:
EVP_PKEY_free(pk);
EVP_PKEY_CTX_free(ctx);
return ret;
}
int setup_tests(void)
{
ADD_TEST(test_fromdata_rsa);
return 1;
}

196
test/evp_pkey_provided_test.c Normal file
View File

@ -0,0 +1,196 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/serializer.h>
#include <openssl/provider.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include "internal/nelem.h"
#include "crypto/evp.h" /* For the internal API */
#include "testutil.h"
static int test_print_key_using_pem(const EVP_PKEY *pk)
{
if (!TEST_true(EVP_PKEY_print_private(bio_out, pk, 0, NULL))
/* Public key in PEM form */
|| !TEST_true(PEM_write_bio_PUBKEY(bio_out, pk))
/* Unencrypted private key in PEM form */
|| !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk,
NULL, NULL, 0, NULL, NULL))
/* Encrypted private key in PEM form */
|| !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
(unsigned char *)"pass", 4,
NULL, NULL)))
return 0;
return 1;
}
static int test_print_key_using_serializer(const EVP_PKEY *pk)
{
const char *pq = OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ;
OSSL_SERIALIZER_CTX *ctx = NULL;
int ret = 1;
/* Make a context, it's valid for several prints */
TEST_note("Setting up a OSSL_SERIALIZER context with passphrase");
if (!TEST_ptr(ctx = OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(pk, pq))
/* Check that this operation is supported */
|| !TEST_ptr(OSSL_SERIALIZER_CTX_get_serializer(ctx))
/* Set a passphrase to be used later */
|| !TEST_true(OSSL_SERIALIZER_CTX_set_passphrase(ctx,
(unsigned char *)"pass",
4)))
goto err;
/* Use no cipher. This should give us an unencrypted PEM */
TEST_note("Displaying PEM with no encryption");
if (!TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
ret = 0;
/* Use a valid cipher name */
TEST_note("Displaying PEM encrypted with AES-256-CBC");
if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
|| !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
ret = 0;
/* Use an invalid cipher name, which should generate no output */
TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
if (!TEST_false(OSSL_SERIALIZER_CTX_set_cipher(ctx, "FOO", NULL))
|| !TEST_false(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
ret = 0;
/* Clear the cipher. This should give us an unencrypted PEM again */
TEST_note("Displaying PEM with encryption cleared (no encryption)");
if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, NULL, NULL))
|| !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
ret = 0;
err:
OSSL_SERIALIZER_CTX_free(ctx);
return ret;
}
/* Array indexes used in test_fromdata_rsa */
#define N 0
#define E 1
#define D 2
#define P 3
#define Q 4
#define DP 5
#define DQ 6
#define QINV 7
static int test_fromdata_rsa(void)
{
int ret = 0;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pk = NULL;
/*
* 32-bit RSA key, extracted from this command,
* executed with OpenSSL 1.0.2:
*
* openssl genrsa 32 | openssl rsa -text
*/
static unsigned long key_numbers[] = {
0xbc747fc5, /* N */
0x10001, /* E */
0x7b133399, /* D */
0xe963, /* P */
0xceb7, /* Q */
0x8599, /* DP */
0xbd87, /* DQ */
0xcc3b, /* QINV */
};
OSSL_PARAM fromdata_params[] = {
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[P]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[Q]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DP]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DQ]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT, &key_numbers[QINV]),
OSSL_PARAM_END
};
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_provided(NULL, "RSA", NULL)))
goto err;
if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
|| !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
goto err;
ret = test_print_key_using_pem(pk)
| test_print_key_using_serializer(pk);
err:
EVP_PKEY_free(pk);
EVP_PKEY_CTX_free(ctx);
return ret;
}
/* Array indexes used in test_fromdata_dh */
#define PRIV_KEY 0
#define PUB_KEY 1
#define FFC_P 2
#define FFC_G 3
static int test_fromdata_dh(void)
{
int ret = 0;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pk = NULL;
/*
* 32-bit DH key, extracted from this command,
* executed with OpenSSL 1.0.2:
*
* openssl dhparam -out dhp.pem 32
* openssl genpkey -paramfile dhp.pem | openssl pkey -text
*/
static unsigned long key_numbers[] = {
0x666c2b06, /* priv-key */
0x6fa6de50, /* pub-key */
0x8bb45f53, /* P */
0x2, /* G */
};
OSSL_PARAM fromdata_params[] = {
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PRIV_KEY, &key_numbers[PRIV_KEY]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PUB_KEY, &key_numbers[PUB_KEY]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_P, &key_numbers[FFC_P]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_G, &key_numbers[FFC_G]),
OSSL_PARAM_END
};
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_provided(NULL, "DH", NULL)))
goto err;
if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
|| !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)))
goto err;
ret = test_print_key_using_pem(pk)
| test_print_key_using_serializer(pk);
err:
EVP_PKEY_free(pk);
EVP_PKEY_CTX_free(ctx);
return ret;
}
int setup_tests(void)
{
ADD_TEST(test_fromdata_rsa);
ADD_TEST(test_fromdata_dh);
return 1;
}

2
test/recipes/30-test_evp_fromdata.t → test/recipes/30-test_evp_pkey_provided.t
View File

@ -10,4 +10,4 @@
use OpenSSL::Test::Simple; use OpenSSL::Test::Simple;
simple_test("test_evp_fromdata", "evp_fromdata_test"); simple_test("test_evp_pkey_provided", "evp_pkey_provided_test");