1 | /*
|
---|
2 | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | *
|
---|
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
---|
5 | * this file except in compliance with the License. You can obtain a copy
|
---|
6 | * in the file LICENSE in the source distribution or at
|
---|
7 | * https://www.openssl.org/source/license.html
|
---|
8 | */
|
---|
9 |
|
---|
10 | /*
|
---|
11 | * RSA low level APIs are deprecated for public use, but still ok for
|
---|
12 | * internal use.
|
---|
13 | */
|
---|
14 | #include "internal/deprecated.h"
|
---|
15 |
|
---|
16 | #include <string.h>
|
---|
17 |
|
---|
18 | #include <openssl/bio.h>
|
---|
19 | #include <openssl/bn.h>
|
---|
20 | #include <openssl/rsa.h>
|
---|
21 | #include <openssl/evp.h>
|
---|
22 | #include <openssl/pem.h>
|
---|
23 | #include <openssl/provider.h>
|
---|
24 | #include <openssl/core_names.h>
|
---|
25 | #include "internal/core.h"
|
---|
26 | #include "internal/nelem.h"
|
---|
27 | #include "crypto/evp.h" /* For the internal API */
|
---|
28 | #include "testutil.h"
|
---|
29 |
|
---|
30 | typedef struct {
|
---|
31 | OSSL_LIB_CTX *ctx1;
|
---|
32 | OSSL_PROVIDER *prov1;
|
---|
33 | OSSL_LIB_CTX *ctx2;
|
---|
34 | OSSL_PROVIDER *prov2;
|
---|
35 | } FIXTURE;
|
---|
36 |
|
---|
37 | /* Collected arguments */
|
---|
38 | static const char *cert_filename = NULL;
|
---|
39 |
|
---|
40 | static void tear_down(FIXTURE *fixture)
|
---|
41 | {
|
---|
42 | if (fixture != NULL) {
|
---|
43 | OSSL_PROVIDER_unload(fixture->prov1);
|
---|
44 | OSSL_PROVIDER_unload(fixture->prov2);
|
---|
45 | OSSL_LIB_CTX_free(fixture->ctx1);
|
---|
46 | OSSL_LIB_CTX_free(fixture->ctx2);
|
---|
47 | OPENSSL_free(fixture);
|
---|
48 | }
|
---|
49 | }
|
---|
50 |
|
---|
51 | static FIXTURE *set_up(const char *testcase_name)
|
---|
52 | {
|
---|
53 | FIXTURE *fixture;
|
---|
54 |
|
---|
55 | if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))
|
---|
56 | || !TEST_ptr(fixture->ctx1 = OSSL_LIB_CTX_new())
|
---|
57 | || !TEST_ptr(fixture->prov1 = OSSL_PROVIDER_load(fixture->ctx1,
|
---|
58 | "default"))
|
---|
59 | || !TEST_ptr(fixture->ctx2 = OSSL_LIB_CTX_new())
|
---|
60 | || !TEST_ptr(fixture->prov2 = OSSL_PROVIDER_load(fixture->ctx2,
|
---|
61 | "default"))) {
|
---|
62 | tear_down(fixture);
|
---|
63 | return NULL;
|
---|
64 | }
|
---|
65 | return fixture;
|
---|
66 | }
|
---|
67 |
|
---|
68 | /* Array indexes */
|
---|
69 | #define N 0
|
---|
70 | #define E 1
|
---|
71 | #define D 2
|
---|
72 | #define P 3
|
---|
73 | #define Q 4
|
---|
74 | #define F3 5 /* Extra factor */
|
---|
75 | #define DP 6
|
---|
76 | #define DQ 7
|
---|
77 | #define E3 8 /* Extra exponent */
|
---|
78 | #define QINV 9
|
---|
79 | #define C2 10 /* Extra coefficient */
|
---|
80 |
|
---|
81 | /*
|
---|
82 | * We have to do this because OSSL_PARAM_get_ulong() can't handle params
|
---|
83 | * holding data that isn't exactly sizeof(uint32_t) or sizeof(uint64_t),
|
---|
84 | * and because the other end deals with BIGNUM, the resulting param might
|
---|
85 | * be any size. In this particular test, we know that the expected data
|
---|
86 | * fits within an unsigned long, and we want to get the data in that form
|
---|
87 | * to make testing of values easier.
|
---|
88 | */
|
---|
89 | static int get_ulong_via_BN(const OSSL_PARAM *p, unsigned long *goal)
|
---|
90 | {
|
---|
91 | BIGNUM *n = NULL;
|
---|
92 | int ret = 1; /* Ever so hopeful */
|
---|
93 |
|
---|
94 | if (!TEST_true(OSSL_PARAM_get_BN(p, &n))
|
---|
95 | || !TEST_int_ge(BN_bn2nativepad(n, (unsigned char *)goal, sizeof(*goal)), 0))
|
---|
96 | ret = 0;
|
---|
97 | BN_free(n);
|
---|
98 | return ret;
|
---|
99 | }
|
---|
100 |
|
---|
101 | static int export_cb(const OSSL_PARAM *params, void *arg)
|
---|
102 | {
|
---|
103 | unsigned long *keydata = arg;
|
---|
104 | const OSSL_PARAM *p = NULL;
|
---|
105 |
|
---|
106 | if (keydata == NULL)
|
---|
107 | return 0;
|
---|
108 |
|
---|
109 | if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N))
|
---|
110 | || !TEST_true(get_ulong_via_BN(p, &keydata[N]))
|
---|
111 | || !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E))
|
---|
112 | || !TEST_true(get_ulong_via_BN(p, &keydata[E]))
|
---|
113 | || !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D))
|
---|
114 | || !TEST_true(get_ulong_via_BN(p, &keydata[D])))
|
---|
115 | return 0;
|
---|
116 |
|
---|
117 | if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_FACTOR1))
|
---|
118 | || !TEST_true(get_ulong_via_BN(p, &keydata[P]))
|
---|
119 | || !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_FACTOR2))
|
---|
120 | || !TEST_true(get_ulong_via_BN(p, &keydata[Q]))
|
---|
121 | || !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_FACTOR3))
|
---|
122 | || !TEST_true(get_ulong_via_BN(p, &keydata[F3])))
|
---|
123 | return 0;
|
---|
124 |
|
---|
125 | if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_EXPONENT1))
|
---|
126 | || !TEST_true(get_ulong_via_BN(p, &keydata[DP]))
|
---|
127 | || !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_EXPONENT2))
|
---|
128 | || !TEST_true(get_ulong_via_BN(p, &keydata[DQ]))
|
---|
129 | || !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_EXPONENT3))
|
---|
130 | || !TEST_true(get_ulong_via_BN(p, &keydata[E3])))
|
---|
131 | return 0;
|
---|
132 |
|
---|
133 | if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_COEFFICIENT1))
|
---|
134 | || !TEST_true(get_ulong_via_BN(p, &keydata[QINV]))
|
---|
135 | || !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_COEFFICIENT2))
|
---|
136 | || !TEST_true(get_ulong_via_BN(p, &keydata[C2])))
|
---|
137 | return 0;
|
---|
138 |
|
---|
139 | return 1;
|
---|
140 | }
|
---|
141 |
|
---|
142 | static int test_pass_rsa(FIXTURE *fixture)
|
---|
143 | {
|
---|
144 | size_t i;
|
---|
145 | int ret = 0;
|
---|
146 | RSA *rsa = NULL;
|
---|
147 | BIGNUM *bn1 = NULL, *bn2 = NULL, *bn3 = NULL;
|
---|
148 | EVP_PKEY *pk = NULL, *dup_pk = NULL;
|
---|
149 | EVP_KEYMGMT *km = NULL, *km1 = NULL, *km2 = NULL, *km3 = NULL;
|
---|
150 | void *provkey = NULL, *provkey2 = NULL;
|
---|
151 | BIGNUM *bn_primes[1] = { NULL };
|
---|
152 | BIGNUM *bn_exps[1] = { NULL };
|
---|
153 | BIGNUM *bn_coeffs[1] = { NULL };
|
---|
154 | /*
|
---|
155 | * 32-bit RSA key, extracted from this command,
|
---|
156 | * executed with OpenSSL 1.0.2:
|
---|
157 | * An extra factor was added just for testing purposes.
|
---|
158 | *
|
---|
159 | * openssl genrsa 32 | openssl rsa -text
|
---|
160 | */
|
---|
161 | static BN_ULONG expected[] = {
|
---|
162 | 0xbc747fc5, /* N */
|
---|
163 | 0x10001, /* E */
|
---|
164 | 0x7b133399, /* D */
|
---|
165 | 0xe963, /* P */
|
---|
166 | 0xceb7, /* Q */
|
---|
167 | 1, /* F3 */
|
---|
168 | 0x8599, /* DP */
|
---|
169 | 0xbd87, /* DQ */
|
---|
170 | 2, /* E3 */
|
---|
171 | 0xcc3b, /* QINV */
|
---|
172 | 3, /* C3 */
|
---|
173 | 0 /* Extra, should remain zero */
|
---|
174 | };
|
---|
175 | static unsigned long keydata[OSSL_NELEM(expected)] = { 0, };
|
---|
176 |
|
---|
177 | if (!TEST_ptr(rsa = RSA_new()))
|
---|
178 | goto err;
|
---|
179 |
|
---|
180 | if (!TEST_ptr(bn1 = BN_new())
|
---|
181 | || !TEST_true(BN_set_word(bn1, expected[N]))
|
---|
182 | || !TEST_ptr(bn2 = BN_new())
|
---|
183 | || !TEST_true(BN_set_word(bn2, expected[E]))
|
---|
184 | || !TEST_ptr(bn3 = BN_new())
|
---|
185 | || !TEST_true(BN_set_word(bn3, expected[D]))
|
---|
186 | || !TEST_true(RSA_set0_key(rsa, bn1, bn2, bn3)))
|
---|
187 | goto err;
|
---|
188 |
|
---|
189 | if (!TEST_ptr(bn1 = BN_new())
|
---|
190 | || !TEST_true(BN_set_word(bn1, expected[P]))
|
---|
191 | || !TEST_ptr(bn2 = BN_new())
|
---|
192 | || !TEST_true(BN_set_word(bn2, expected[Q]))
|
---|
193 | || !TEST_true(RSA_set0_factors(rsa, bn1, bn2)))
|
---|
194 | goto err;
|
---|
195 |
|
---|
196 | if (!TEST_ptr(bn1 = BN_new())
|
---|
197 | || !TEST_true(BN_set_word(bn1, expected[DP]))
|
---|
198 | || !TEST_ptr(bn2 = BN_new())
|
---|
199 | || !TEST_true(BN_set_word(bn2, expected[DQ]))
|
---|
200 | || !TEST_ptr(bn3 = BN_new())
|
---|
201 | || !TEST_true(BN_set_word(bn3, expected[QINV]))
|
---|
202 | || !TEST_true(RSA_set0_crt_params(rsa, bn1, bn2, bn3)))
|
---|
203 | goto err;
|
---|
204 | bn1 = bn2 = bn3 = NULL;
|
---|
205 |
|
---|
206 | if (!TEST_ptr(bn_primes[0] = BN_new())
|
---|
207 | || !TEST_true(BN_set_word(bn_primes[0], expected[F3]))
|
---|
208 | || !TEST_ptr(bn_exps[0] = BN_new())
|
---|
209 | || !TEST_true(BN_set_word(bn_exps[0], expected[E3]))
|
---|
210 | || !TEST_ptr(bn_coeffs[0] = BN_new())
|
---|
211 | || !TEST_true(BN_set_word(bn_coeffs[0], expected[C2]))
|
---|
212 | || !TEST_true(RSA_set0_multi_prime_params(rsa, bn_primes, bn_exps,
|
---|
213 | bn_coeffs, 1)))
|
---|
214 | goto err;
|
---|
215 |
|
---|
216 | if (!TEST_ptr(pk = EVP_PKEY_new())
|
---|
217 | || !TEST_true(EVP_PKEY_assign_RSA(pk, rsa)))
|
---|
218 | goto err;
|
---|
219 | rsa = NULL;
|
---|
220 |
|
---|
221 | if (!TEST_ptr(km1 = EVP_KEYMGMT_fetch(fixture->ctx1, "RSA", NULL))
|
---|
222 | || !TEST_ptr(km2 = EVP_KEYMGMT_fetch(fixture->ctx2, "RSA", NULL))
|
---|
223 | || !TEST_ptr(km3 = EVP_KEYMGMT_fetch(fixture->ctx1, "RSA-PSS", NULL))
|
---|
224 | || !TEST_ptr_ne(km1, km2))
|
---|
225 | goto err;
|
---|
226 |
|
---|
227 | while (dup_pk == NULL) {
|
---|
228 | ret = 0;
|
---|
229 | km = km3;
|
---|
230 | /* Check that we can't export an RSA key into an RSA-PSS keymanager */
|
---|
231 | if (!TEST_ptr_null(provkey2 = evp_pkey_export_to_provider(pk, NULL,
|
---|
232 | &km,
|
---|
233 | NULL)))
|
---|
234 | goto err;
|
---|
235 |
|
---|
236 | if (!TEST_ptr(provkey = evp_pkey_export_to_provider(pk, NULL, &km1,
|
---|
237 | NULL))
|
---|
238 | || !TEST_true(evp_keymgmt_export(km2, provkey,
|
---|
239 | OSSL_KEYMGMT_SELECT_KEYPAIR,
|
---|
240 | &export_cb, keydata)))
|
---|
241 | goto err;
|
---|
242 |
|
---|
243 | /*
|
---|
244 | * At this point, the hope is that keydata will have all the numbers
|
---|
245 | * from the key.
|
---|
246 | */
|
---|
247 |
|
---|
248 | for (i = 0; i < OSSL_NELEM(expected); i++) {
|
---|
249 | int rv = TEST_int_eq(expected[i], keydata[i]);
|
---|
250 |
|
---|
251 | if (!rv)
|
---|
252 | TEST_info("i = %zu", i);
|
---|
253 | else
|
---|
254 | ret++;
|
---|
255 | }
|
---|
256 |
|
---|
257 | ret = (ret == OSSL_NELEM(expected));
|
---|
258 | if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
|
---|
259 | goto err;
|
---|
260 |
|
---|
261 | ret = TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
|
---|
262 | EVP_PKEY_free(pk);
|
---|
263 | pk = dup_pk;
|
---|
264 | if (!ret)
|
---|
265 | goto err;
|
---|
266 | }
|
---|
267 |
|
---|
268 | err:
|
---|
269 | RSA_free(rsa);
|
---|
270 | BN_free(bn1);
|
---|
271 | BN_free(bn2);
|
---|
272 | BN_free(bn3);
|
---|
273 | EVP_PKEY_free(pk);
|
---|
274 | EVP_KEYMGMT_free(km1);
|
---|
275 | EVP_KEYMGMT_free(km2);
|
---|
276 | EVP_KEYMGMT_free(km3);
|
---|
277 |
|
---|
278 | return ret;
|
---|
279 | }
|
---|
280 |
|
---|
281 | static int (*tests[])(FIXTURE *) = {
|
---|
282 | test_pass_rsa
|
---|
283 | };
|
---|
284 |
|
---|
285 | static int test_pass_key(int n)
|
---|
286 | {
|
---|
287 | SETUP_TEST_FIXTURE(FIXTURE, set_up);
|
---|
288 | EXECUTE_TEST(tests[n], tear_down);
|
---|
289 | return result;
|
---|
290 | }
|
---|
291 |
|
---|
292 | static int test_evp_pkey_export_to_provider(int n)
|
---|
293 | {
|
---|
294 | OSSL_LIB_CTX *libctx = NULL;
|
---|
295 | OSSL_PROVIDER *prov = NULL;
|
---|
296 | X509 *cert = NULL;
|
---|
297 | BIO *bio = NULL;
|
---|
298 | X509_PUBKEY *pubkey = NULL;
|
---|
299 | EVP_KEYMGMT *keymgmt = NULL;
|
---|
300 | EVP_PKEY *pkey = NULL;
|
---|
301 | void *keydata = NULL;
|
---|
302 | int ret = 0;
|
---|
303 |
|
---|
304 | if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())
|
---|
305 | || !TEST_ptr(prov = OSSL_PROVIDER_load(libctx, "default")))
|
---|
306 | goto end;
|
---|
307 |
|
---|
308 | if ((bio = BIO_new_file(cert_filename, "r")) == NULL) {
|
---|
309 | TEST_error("Couldn't open '%s' for reading\n", cert_filename);
|
---|
310 | TEST_openssl_errors();
|
---|
311 | goto end;
|
---|
312 | }
|
---|
313 |
|
---|
314 | if ((cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) {
|
---|
315 | TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n",
|
---|
316 | cert_filename);
|
---|
317 | TEST_openssl_errors();
|
---|
318 | goto end;
|
---|
319 | }
|
---|
320 |
|
---|
321 | pubkey = X509_get_X509_PUBKEY(cert);
|
---|
322 | pkey = X509_PUBKEY_get0(pubkey);
|
---|
323 |
|
---|
324 | if (n == 0) {
|
---|
325 | if (!TEST_ptr(keydata = evp_pkey_export_to_provider(pkey, NULL,
|
---|
326 | NULL, NULL)))
|
---|
327 | goto end;
|
---|
328 | } else if (n == 1) {
|
---|
329 | if (!TEST_ptr(keydata = evp_pkey_export_to_provider(pkey, NULL,
|
---|
330 | &keymgmt, NULL)))
|
---|
331 | goto end;
|
---|
332 | } else {
|
---|
333 | keymgmt = EVP_KEYMGMT_fetch(libctx, "RSA", NULL);
|
---|
334 |
|
---|
335 | if (!TEST_ptr(keydata = evp_pkey_export_to_provider(pkey, NULL,
|
---|
336 | &keymgmt, NULL)))
|
---|
337 | goto end;
|
---|
338 | }
|
---|
339 |
|
---|
340 | ret = 1;
|
---|
341 | end:
|
---|
342 | BIO_free(bio);
|
---|
343 | X509_free(cert);
|
---|
344 | EVP_KEYMGMT_free(keymgmt);
|
---|
345 | OSSL_PROVIDER_unload(prov);
|
---|
346 | OSSL_LIB_CTX_free(libctx);
|
---|
347 | return ret;
|
---|
348 | }
|
---|
349 |
|
---|
350 | int setup_tests(void)
|
---|
351 | {
|
---|
352 | if (!TEST_ptr(cert_filename = test_get_argument(0)))
|
---|
353 | return 0;
|
---|
354 |
|
---|
355 | ADD_ALL_TESTS(test_pass_key, 1);
|
---|
356 | ADD_ALL_TESTS(test_evp_pkey_export_to_provider, 3);
|
---|
357 | return 1;
|
---|
358 | }
|
---|