keymgmt_internal_test.c@ 105949

最後變更在這個檔案從105949是 105949,由 vboxsync 提交於 2 月前
openssl-3.1.7: Applied and adjusted our OpenSSL changes to 3.1.7. bugref:10757
檔案大小: 11.4 KB

行
1	/*
2	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11	* RSA low level APIs are deprecated for public use, but still ok for
12	* internal use.
13	*/
14	#include "internal/deprecated.h"
15
16	#include <string.h>
17
18	#include <openssl/bio.h>
19	#include <openssl/bn.h>
20	#include <openssl/rsa.h>
21	#include <openssl/evp.h>
22	#include <openssl/pem.h>
23	#include <openssl/provider.h>
24	#include <openssl/core_names.h>
25	#include "internal/core.h"
26	#include "internal/nelem.h"
27	#include "crypto/evp.h" /* For the internal API */
28	#include "testutil.h"
29
30	typedef struct {
31	OSSL_LIB_CTX *ctx1;
32	OSSL_PROVIDER *prov1;
33	OSSL_LIB_CTX *ctx2;
34	OSSL_PROVIDER *prov2;
35	} FIXTURE;
36
37	/* Collected arguments */
38	static const char *cert_filename = NULL;
39
40	static void tear_down(FIXTURE *fixture)
41	{
42	if (fixture != NULL) {
43	OSSL_PROVIDER_unload(fixture->prov1);
44	OSSL_PROVIDER_unload(fixture->prov2);
45	OSSL_LIB_CTX_free(fixture->ctx1);
46	OSSL_LIB_CTX_free(fixture->ctx2);
47	OPENSSL_free(fixture);
48	}
49	}
50
51	static FIXTURE set_up(const char testcase_name)
52	{
53	FIXTURE *fixture;
54
55	if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))
56	\|\| !TEST_ptr(fixture->ctx1 = OSSL_LIB_CTX_new())
57	\|\| !TEST_ptr(fixture->prov1 = OSSL_PROVIDER_load(fixture->ctx1,
58	"default"))
59	\|\| !TEST_ptr(fixture->ctx2 = OSSL_LIB_CTX_new())
60	\|\| !TEST_ptr(fixture->prov2 = OSSL_PROVIDER_load(fixture->ctx2,
61	"default"))) {
62	tear_down(fixture);
63	return NULL;
64	}
65	return fixture;
66	}
67
68	/* Array indexes */
69	#define N 0
70	#define E 1
71	#define D 2
72	#define P 3
73	#define Q 4
74	#define F3 5 /* Extra factor */
75	#define DP 6
76	#define DQ 7
77	#define E3 8 /* Extra exponent */
78	#define QINV 9
79	#define C2 10 /* Extra coefficient */
80
81	/*
82	* We have to do this because OSSL_PARAM_get_ulong() can't handle params
83	* holding data that isn't exactly sizeof(uint32_t) or sizeof(uint64_t),
84	* and because the other end deals with BIGNUM, the resulting param might
85	* be any size. In this particular test, we know that the expected data
86	* fits within an unsigned long, and we want to get the data in that form
87	* to make testing of values easier.
88	*/
89	static int get_ulong_via_BN(const OSSL_PARAM p, unsigned long goal)
90	{
91	BIGNUM *n = NULL;
92	int ret = 1; /* Ever so hopeful */
93
94	if (!TEST_true(OSSL_PARAM_get_BN(p, &n))
95	\|\| !TEST_int_ge(BN_bn2nativepad(n, (unsigned char )goal, sizeof(goal)), 0))
96	ret = 0;
97	BN_free(n);
98	return ret;
99	}
100
101	static int export_cb(const OSSL_PARAM params, void arg)
102	{
103	unsigned long *keydata = arg;
104	const OSSL_PARAM *p = NULL;
105
106	if (keydata == NULL)
107	return 0;
108
109	if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N))
110	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[N]))
111	\|\| !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E))
112	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[E]))
113	\|\| !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D))
114	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[D])))
115	return 0;
116
117	if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_FACTOR1))
118	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[P]))
119	\|\| !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_FACTOR2))
120	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[Q]))
121	\|\| !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_FACTOR3))
122	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[F3])))
123	return 0;
124
125	if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_EXPONENT1))
126	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[DP]))
127	\|\| !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_EXPONENT2))
128	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[DQ]))
129	\|\| !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_EXPONENT3))
130	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[E3])))
131	return 0;
132
133	if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_COEFFICIENT1))
134	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[QINV]))
135	\|\| !TEST_ptr(p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_COEFFICIENT2))
136	\|\| !TEST_true(get_ulong_via_BN(p, &keydata[C2])))
137	return 0;
138
139	return 1;
140	}
141
142	static int test_pass_rsa(FIXTURE *fixture)
143	{
144	size_t i;
145	int ret = 0;
146	RSA *rsa = NULL;
147	BIGNUM bn1 = NULL, bn2 = NULL, *bn3 = NULL;
148	EVP_PKEY pk = NULL, dup_pk = NULL;
149	EVP_KEYMGMT km = NULL, km1 = NULL, km2 = NULL, km3 = NULL;
150	void provkey = NULL, provkey2 = NULL;
151	BIGNUM *bn_primes[1] = { NULL };
152	BIGNUM *bn_exps[1] = { NULL };
153	BIGNUM *bn_coeffs[1] = { NULL };
154	/*
155	* 32-bit RSA key, extracted from this command,
156	* executed with OpenSSL 1.0.2:
157	* An extra factor was added just for testing purposes.
158	*
159	* openssl genrsa 32 \| openssl rsa -text
160	*/
161	static BN_ULONG expected[] = {
162	0xbc747fc5, /* N */
163	0x10001, /* E */
164	0x7b133399, /* D */
165	0xe963, /* P */
166	0xceb7, /* Q */
167	1, /* F3 */
168	0x8599, /* DP */
169	0xbd87, /* DQ */
170	2, /* E3 */
171	0xcc3b, /* QINV */
172	3, /* C3 */
173	0 /* Extra, should remain zero */
174	};
175	static unsigned long keydata[OSSL_NELEM(expected)] = { 0, };
176
177	if (!TEST_ptr(rsa = RSA_new()))
178	goto err;
179
180	if (!TEST_ptr(bn1 = BN_new())
181	\|\| !TEST_true(BN_set_word(bn1, expected[N]))
182	\|\| !TEST_ptr(bn2 = BN_new())
183	\|\| !TEST_true(BN_set_word(bn2, expected[E]))
184	\|\| !TEST_ptr(bn3 = BN_new())
185	\|\| !TEST_true(BN_set_word(bn3, expected[D]))
186	\|\| !TEST_true(RSA_set0_key(rsa, bn1, bn2, bn3)))
187	goto err;
188
189	if (!TEST_ptr(bn1 = BN_new())
190	\|\| !TEST_true(BN_set_word(bn1, expected[P]))
191	\|\| !TEST_ptr(bn2 = BN_new())
192	\|\| !TEST_true(BN_set_word(bn2, expected[Q]))
193	\|\| !TEST_true(RSA_set0_factors(rsa, bn1, bn2)))
194	goto err;
195
196	if (!TEST_ptr(bn1 = BN_new())
197	\|\| !TEST_true(BN_set_word(bn1, expected[DP]))
198	\|\| !TEST_ptr(bn2 = BN_new())
199	\|\| !TEST_true(BN_set_word(bn2, expected[DQ]))
200	\|\| !TEST_ptr(bn3 = BN_new())
201	\|\| !TEST_true(BN_set_word(bn3, expected[QINV]))
202	\|\| !TEST_true(RSA_set0_crt_params(rsa, bn1, bn2, bn3)))
203	goto err;
204	bn1 = bn2 = bn3 = NULL;
205
206	if (!TEST_ptr(bn_primes[0] = BN_new())
207	\|\| !TEST_true(BN_set_word(bn_primes[0], expected[F3]))
208	\|\| !TEST_ptr(bn_exps[0] = BN_new())
209	\|\| !TEST_true(BN_set_word(bn_exps[0], expected[E3]))
210	\|\| !TEST_ptr(bn_coeffs[0] = BN_new())
211	\|\| !TEST_true(BN_set_word(bn_coeffs[0], expected[C2]))
212	\|\| !TEST_true(RSA_set0_multi_prime_params(rsa, bn_primes, bn_exps,
213	bn_coeffs, 1)))
214	goto err;
215
216	if (!TEST_ptr(pk = EVP_PKEY_new())
217	\|\| !TEST_true(EVP_PKEY_assign_RSA(pk, rsa)))
218	goto err;
219	rsa = NULL;
220
221	if (!TEST_ptr(km1 = EVP_KEYMGMT_fetch(fixture->ctx1, "RSA", NULL))
222	\|\| !TEST_ptr(km2 = EVP_KEYMGMT_fetch(fixture->ctx2, "RSA", NULL))
223	\|\| !TEST_ptr(km3 = EVP_KEYMGMT_fetch(fixture->ctx1, "RSA-PSS", NULL))
224	\|\| !TEST_ptr_ne(km1, km2))
225	goto err;
226
227	while (dup_pk == NULL) {
228	ret = 0;
229	km = km3;
230	/* Check that we can't export an RSA key into an RSA-PSS keymanager */
231	if (!TEST_ptr_null(provkey2 = evp_pkey_export_to_provider(pk, NULL,
232	&km,
233	NULL)))
234	goto err;
235
236	if (!TEST_ptr(provkey = evp_pkey_export_to_provider(pk, NULL, &km1,
237	NULL))
238	\|\| !TEST_true(evp_keymgmt_export(km2, provkey,
239	OSSL_KEYMGMT_SELECT_KEYPAIR,
240	&export_cb, keydata)))
241	goto err;
242
243	/*
244	* At this point, the hope is that keydata will have all the numbers
245	* from the key.
246	*/
247
248	for (i = 0; i < OSSL_NELEM(expected); i++) {
249	int rv = TEST_int_eq(expected[i], keydata[i]);
250
251	if (!rv)
252	TEST_info("i = %zu", i);
253	else
254	ret++;
255	}
256
257	ret = (ret == OSSL_NELEM(expected));
258	if (!ret \|\| !TEST_ptr(dup_pk = EVP_PKEY_dup(pk)))
259	goto err;
260
261	ret = TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1);
262	EVP_PKEY_free(pk);
263	pk = dup_pk;
264	if (!ret)
265	goto err;
266	}
267
268	err:
269	RSA_free(rsa);
270	BN_free(bn1);
271	BN_free(bn2);
272	BN_free(bn3);
273	EVP_PKEY_free(pk);
274	EVP_KEYMGMT_free(km1);
275	EVP_KEYMGMT_free(km2);
276	EVP_KEYMGMT_free(km3);
277
278	return ret;
279	}
280
281	static int (tests[])(FIXTURE ) = {
282	test_pass_rsa
283	};
284
285	static int test_pass_key(int n)
286	{
287	SETUP_TEST_FIXTURE(FIXTURE, set_up);
288	EXECUTE_TEST(tests[n], tear_down);
289	return result;
290	}
291
292	static int test_evp_pkey_export_to_provider(int n)
293	{
294	OSSL_LIB_CTX *libctx = NULL;
295	OSSL_PROVIDER *prov = NULL;
296	X509 *cert = NULL;
297	BIO *bio = NULL;
298	X509_PUBKEY *pubkey = NULL;
299	EVP_KEYMGMT *keymgmt = NULL;
300	EVP_PKEY *pkey = NULL;
301	void *keydata = NULL;
302	int ret = 0;
303
304	if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())
305	\|\| !TEST_ptr(prov = OSSL_PROVIDER_load(libctx, "default")))
306	goto end;
307
308	if ((bio = BIO_new_file(cert_filename, "r")) == NULL) {
309	TEST_error("Couldn't open '%s' for reading\n", cert_filename);
310	TEST_openssl_errors();
311	goto end;
312	}
313
314	if ((cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL) {
315	TEST_error("'%s' doesn't appear to be a X.509 certificate in PEM format\n",
316	cert_filename);
317	TEST_openssl_errors();
318	goto end;
319	}
320
321	pubkey = X509_get_X509_PUBKEY(cert);
322	pkey = X509_PUBKEY_get0(pubkey);
323
324	if (n == 0) {
325	if (!TEST_ptr(keydata = evp_pkey_export_to_provider(pkey, NULL,
326	NULL, NULL)))
327	goto end;
328	} else if (n == 1) {
329	if (!TEST_ptr(keydata = evp_pkey_export_to_provider(pkey, NULL,
330	&keymgmt, NULL)))
331	goto end;
332	} else {
333	keymgmt = EVP_KEYMGMT_fetch(libctx, "RSA", NULL);
334
335	if (!TEST_ptr(keydata = evp_pkey_export_to_provider(pkey, NULL,
336	&keymgmt, NULL)))
337	goto end;
338	}
339
340	ret = 1;
341	end:
342	BIO_free(bio);
343	X509_free(cert);
344	EVP_KEYMGMT_free(keymgmt);
345	OSSL_PROVIDER_unload(prov);
346	OSSL_LIB_CTX_free(libctx);
347	return ret;
348	}
349
350	int setup_tests(void)
351	{
352	if (!TEST_ptr(cert_filename = test_get_argument(0)))
353	return 0;
354
355	ADD_ALL_TESTS(test_pass_key, 1);
356	ADD_ALL_TESTS(test_evp_pkey_export_to_provider, 3);
357	return 1;
358	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.1.7/test/keymgmt_internal_test.c@ 105949

以其他格式下載: