algorithmid_test.c@ 105945

最後變更在這個檔案從105945是 104078,由 vboxsync 提交於 8 月前
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
檔案大小: 10.3 KB

行
1	/*
2	* Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <openssl/asn1.h>
11	#include <openssl/pem.h>
12	#include "internal/sizes.h"
13	#include "crypto/evp.h"
14	#include "testutil.h"
15
16	/* Collected arguments */
17	static const char eecert_filename = NULL; / For test_x509_file() */
18	static const char cacert_filename = NULL; / For test_x509_file() */
19	static const char pubkey_filename = NULL; / For test_spki_file() */
20
21	#define ALGORITHMID_NAME "algorithm-id"
22
23	static int test_spki_aid(X509_PUBKEY pubkey, const char filename)
24	{
25	const ASN1_OBJECT *oid;
26	X509_ALGOR *alg = NULL;
27	EVP_PKEY *pkey = NULL;
28	EVP_KEYMGMT *keymgmt = NULL;
29	void *keydata = NULL;
30	char name[OSSL_MAX_NAME_SIZE] = "";
31	unsigned char *algid_legacy = NULL;
32	int algid_legacy_len = 0;
33	static unsigned char algid_prov[OSSL_MAX_ALGORITHM_ID_SIZE];
34	size_t algid_prov_len = 0;
35	const OSSL_PARAM *gettable_params = NULL;
36	OSSL_PARAM params[] = {
37	OSSL_PARAM_octet_string(ALGORITHMID_NAME,
38	&algid_prov, sizeof(algid_prov)),
39	OSSL_PARAM_END
40	};
41	int ret = 0;
42
43	if (!TEST_true(X509_PUBKEY_get0_param(NULL, NULL, NULL, &alg, pubkey))
44	\|\| !TEST_ptr(pkey = X509_PUBKEY_get0(pubkey)))
45	goto end;
46
47	if (!TEST_int_ge(algid_legacy_len = i2d_X509_ALGOR(alg, &algid_legacy), 0))
48	goto end;
49
50	X509_ALGOR_get0(&oid, NULL, NULL, alg);
51	if (!TEST_int_gt(OBJ_obj2txt(name, sizeof(name), oid, 0), 0))
52	goto end;
53
54	/*
55	* We use an internal functions to ensure we have a provided key.
56	* Note that \|keydata\| should not be freed, as it's cached in \|pkey\|.
57	* The \|keymgmt\|, however, should, as its reference count is incremented
58	* in this function.
59	*/
60	if ((keydata = evp_pkey_export_to_provider(pkey, NULL,
61	&keymgmt, NULL)) == NULL) {
62	TEST_info("The public key found in '%s' doesn't have provider support."
63	" Skipping...",
64	filename);
65	ret = 1;
66	goto end;
67	}
68
69	if (!TEST_true(EVP_KEYMGMT_is_a(keymgmt, name))) {
70	TEST_info("The AlgorithmID key type (%s) for the public key found in"
71	" '%s' doesn't match the key type of the extracted public"
72	" key.",
73	name, filename);
74	ret = 1;
75	goto end;
76	}
77
78	if (!TEST_ptr(gettable_params = EVP_KEYMGMT_gettable_params(keymgmt))
79	\|\| !TEST_ptr(OSSL_PARAM_locate_const(gettable_params, ALGORITHMID_NAME))) {
80	TEST_info("The %s provider keymgmt appears to lack support for algorithm-id."
81	" Skipping...",
82	name);
83	ret = 1;
84	goto end;
85	}
86
87	algid_prov[0] = '\0';
88	if (!TEST_true(evp_keymgmt_get_params(keymgmt, keydata, params)))
89	goto end;
90	algid_prov_len = params[0].return_size;
91
92	/* We now have all the algorithm IDs we need, let's compare them */
93	if (TEST_mem_eq(algid_legacy, algid_legacy_len,
94	algid_prov, algid_prov_len))
95	ret = 1;
96
97	end:
98	EVP_KEYMGMT_free(keymgmt);
99	OPENSSL_free(algid_legacy);
100	return ret;
101	}
102
103	static int test_x509_spki_aid(X509 cert, const char filename)
104	{
105	X509_PUBKEY *pubkey = X509_get_X509_PUBKEY(cert);
106
107	return test_spki_aid(pubkey, filename);
108	}
109
110	static int test_x509_sig_aid(X509 eecert, const char ee_filename,
111	X509 cacert, const char ca_filename)
112	{
113	const ASN1_OBJECT *sig_oid = NULL;
114	const X509_ALGOR *alg = NULL;
115	int sig_nid = NID_undef, dig_nid = NID_undef, pkey_nid = NID_undef;
116	EVP_MD_CTX *mdctx = NULL;
117	EVP_PKEY_CTX *pctx = NULL;
118	EVP_PKEY *pkey = NULL;
119	unsigned char *algid_legacy = NULL;
120	int algid_legacy_len = 0;
121	static unsigned char algid_prov[OSSL_MAX_ALGORITHM_ID_SIZE];
122	size_t algid_prov_len = 0;
123	const OSSL_PARAM *gettable_params = NULL;
124	OSSL_PARAM params[] = {
125	OSSL_PARAM_octet_string("algorithm-id",
126	&algid_prov, sizeof(algid_prov)),
127	OSSL_PARAM_END
128	};
129	int ret = 0;
130
131	X509_get0_signature(NULL, &alg, eecert);
132	X509_ALGOR_get0(&sig_oid, NULL, NULL, alg);
133	if (!TEST_int_eq(X509_ALGOR_cmp(alg, X509_get0_tbs_sigalg(eecert)), 0))
134	goto end;
135	if (!TEST_int_ne(sig_nid = OBJ_obj2nid(sig_oid), NID_undef)
136	\|\| !TEST_true(OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid))
137	\|\| !TEST_ptr(pkey = X509_get0_pubkey(cacert)))
138	goto end;
139
140	if (!TEST_true(EVP_PKEY_is_a(pkey, OBJ_nid2sn(pkey_nid)))) {
141	TEST_info("The '%s' pubkey can't be used to verify the '%s' signature",
142	ca_filename, ee_filename);
143	TEST_info("Signature algorithm is %s (pkey type %s, hash type %s)",
144	OBJ_nid2sn(sig_nid), OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid));
145	TEST_info("Pkey key type is %s", EVP_PKEY_get0_type_name(pkey));
146	goto end;
147	}
148
149	if (!TEST_int_ge(algid_legacy_len = i2d_X509_ALGOR(alg, &algid_legacy), 0))
150	goto end;
151
152	if (!TEST_ptr(mdctx = EVP_MD_CTX_new())
153	\|\| !TEST_true(EVP_DigestVerifyInit_ex(mdctx, &pctx,
154	OBJ_nid2sn(dig_nid),
155	NULL, NULL, pkey, NULL))) {
156	TEST_info("Couldn't initialize a DigestVerify operation with "
157	"pkey type %s and hash type %s",
158	OBJ_nid2sn(pkey_nid), OBJ_nid2sn(dig_nid));
159	goto end;
160	}
161
162	if (!TEST_ptr(gettable_params = EVP_PKEY_CTX_gettable_params(pctx))
163	\|\| !TEST_ptr(OSSL_PARAM_locate_const(gettable_params, ALGORITHMID_NAME))) {
164	TEST_info("The %s provider keymgmt appears to lack support for algorithm-id"
165	" Skipping...",
166	OBJ_nid2sn(pkey_nid));
167	ret = 1;
168	goto end;
169	}
170
171	algid_prov[0] = '\0';
172	if (!TEST_true(EVP_PKEY_CTX_get_params(pctx, params)))
173	goto end;
174	algid_prov_len = params[0].return_size;
175
176	/* We now have all the algorithm IDs we need, let's compare them */
177	if (TEST_mem_eq(algid_legacy, algid_legacy_len,
178	algid_prov, algid_prov_len))
179	ret = 1;
180
181	end:
182	EVP_MD_CTX_free(mdctx);
183	/* pctx is free by EVP_MD_CTX_free() */
184	OPENSSL_free(algid_legacy);
185	return ret;
186	}
187
188	static int test_spki_file(void)
189	{
190	X509_PUBKEY *pubkey = NULL;
191	BIO *b = BIO_new_file(pubkey_filename, "r");
192	int ret = 0;
193
194	if (b == NULL) {
195	TEST_error("Couldn't open '%s' for reading\n", pubkey_filename);
196	TEST_openssl_errors();
197	goto end;
198	}
199
200	if ((pubkey = PEM_read_bio_X509_PUBKEY(b, NULL, NULL, NULL)) == NULL) {
201	TEST_error("'%s' doesn't appear to be a SubjectPublicKeyInfo in PEM format\n",
202	pubkey_filename);
203	TEST_openssl_errors();
204	goto end;
205	}
206
207	ret = test_spki_aid(pubkey, pubkey_filename);
208	end:
209	BIO_free(b);
210	X509_PUBKEY_free(pubkey);
211	return ret;
212	}
213
214	static int test_x509_files(void)
215	{
216	X509 eecert = NULL, cacert = NULL;
217	BIO bee = NULL, bca = NULL;
218	int ret = 0;
219
220	if ((bee = BIO_new_file(eecert_filename, "r")) == NULL) {
221	TEST_error("Couldn't open '%s' for reading\n", eecert_filename);
222	TEST_openssl_errors();
223	goto end;
224	}
225	if ((bca = BIO_new_file(cacert_filename, "r")) == NULL) {
226	TEST_error("Couldn't open '%s' for reading\n", cacert_filename);
227	TEST_openssl_errors();
228	goto end;
229	}
230
231	if ((eecert = PEM_read_bio_X509(bee, NULL, NULL, NULL)) == NULL) {
232	TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n",
233	eecert_filename);
234	TEST_openssl_errors();
235	goto end;
236	}
237	if ((cacert = PEM_read_bio_X509(bca, NULL, NULL, NULL)) == NULL) {
238	TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n",
239	cacert_filename);
240	TEST_openssl_errors();
241	goto end;
242	}
243
244	ret = test_x509_sig_aid(eecert, eecert_filename, cacert, cacert_filename)
245	& test_x509_spki_aid(eecert, eecert_filename)
246	& test_x509_spki_aid(cacert, cacert_filename);
247	end:
248	BIO_free(bee);
249	BIO_free(bca);
250	X509_free(eecert);
251	X509_free(cacert);
252	return ret;
253	}
254
255	typedef enum OPTION_choice {
256	OPT_ERR = -1,
257	OPT_EOF = 0,
258	OPT_X509,
259	OPT_SPKI,
260	OPT_TEST_ENUM
261	} OPTION_CHOICE;
262
263	const OPTIONS *test_get_options(void)
264	{
265	static const OPTIONS test_options[] = {
266	OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("file...\n"),
267	{ "x509", OPT_X509, '-', "Test X.509 certificates. Requires two files" },
268	{ "spki", OPT_SPKI, '-', "Test public keys in SubjectPublicKeyInfo form. Requires one file" },
269	{ OPT_HELP_STR, 1, '-',
270	"file...\tFile(s) to run tests on. All files must be PEM encoded.\n" },
271	{ NULL }
272	};
273	return test_options;
274	}
275
276	int setup_tests(void)
277	{
278	OPTION_CHOICE o;
279	int n, x509 = 0, spki = 0, testcount = 0;
280
281	while ((o = opt_next()) != OPT_EOF) {
282	switch (o) {
283	case OPT_X509:
284	x509 = 1;
285	break;
286	case OPT_SPKI:
287	spki = 1;
288	break;
289	case OPT_TEST_CASES:
290	break;
291	default:
292	case OPT_ERR:
293	return 0;
294	}
295	}
296
297	/* \|testcount\| adds all the given test types together */
298	testcount = x509 + spki;
299
300	if (testcount < 1)
301	BIO_printf(bio_err, "No test type given\n");
302	else if (testcount > 1)
303	BIO_printf(bio_err, "Only one test type may be given\n");
304	if (testcount != 1)
305	return 0;
306
307	n = test_get_argument_count();
308	if (spki && n == 1) {
309	pubkey_filename = test_get_argument(0);
310	} else if (x509 && n == 2) {
311	eecert_filename = test_get_argument(0);
312	cacert_filename = test_get_argument(1);
313	}
314
315	if (spki && pubkey_filename == NULL) {
316	BIO_printf(bio_err, "Missing -spki argument\n");
317	return 0;
318	} else if (x509 && (eecert_filename == NULL \|\| cacert_filename == NULL)) {
319	BIO_printf(bio_err, "Missing -x509 argument(s)\n");
320	return 0;
321	}
322
323	if (x509)
324	ADD_TEST(test_x509_files);
325	if (spki)
326	ADD_TEST(test_spki_file);
327	return 1;
328	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.1.7/test/algorithmid_test.c@ 105945

以其他格式下載: