358 lines
12 KiB
Diff
358 lines
12 KiB
Diff
|
From e5202fbd461cb6c067874987998e91c6093e5267 Mon Sep 17 00:00:00 2001
|
||
|
From: Simo Sorce <simo@redhat.com>
|
||
|
Date: Fri, 11 Nov 2022 12:18:26 -0500
|
||
|
Subject: [PATCH 3/3] Add test for EVP_PKEY_eq
|
||
|
|
||
|
This tests that the comparison work even if a provider can only return
|
||
|
a public key.
|
||
|
|
||
|
Signed-off-by: Simo Sorce <simo@redhat.com>
|
||
|
|
||
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||
|
(Merged from https://github.com/openssl/openssl/pull/19648)
|
||
|
|
||
|
diff --git a/test/fake_rsaprov.c b/test/fake_rsaprov.c
|
||
|
index d556551bb6..5e92e72d4b 100644
|
||
|
--- a/test/fake_rsaprov.c
|
||
|
+++ b/test/fake_rsaprov.c
|
||
|
@@ -22,24 +22,34 @@ static OSSL_FUNC_keymgmt_has_fn fake_rsa_keymgmt_has;
|
||
|
static OSSL_FUNC_keymgmt_query_operation_name_fn fake_rsa_keymgmt_query;
|
||
|
static OSSL_FUNC_keymgmt_import_fn fake_rsa_keymgmt_import;
|
||
|
static OSSL_FUNC_keymgmt_import_types_fn fake_rsa_keymgmt_imptypes;
|
||
|
+static OSSL_FUNC_keymgmt_export_fn fake_rsa_keymgmt_export;
|
||
|
+static OSSL_FUNC_keymgmt_export_types_fn fake_rsa_keymgmt_exptypes;
|
||
|
static OSSL_FUNC_keymgmt_load_fn fake_rsa_keymgmt_load;
|
||
|
|
||
|
static int has_selection;
|
||
|
static int imptypes_selection;
|
||
|
+static int exptypes_selection;
|
||
|
static int query_id;
|
||
|
|
||
|
+struct fake_rsa_keydata {
|
||
|
+ int selection;
|
||
|
+ int status;
|
||
|
+};
|
||
|
+
|
||
|
static void *fake_rsa_keymgmt_new(void *provctx)
|
||
|
{
|
||
|
- unsigned char *keydata = OPENSSL_zalloc(1);
|
||
|
+ struct fake_rsa_keydata *key;
|
||
|
|
||
|
- TEST_ptr(keydata);
|
||
|
+ if (!TEST_ptr(key = OPENSSL_zalloc(sizeof(struct fake_rsa_keydata))))
|
||
|
+ return NULL;
|
||
|
|
||
|
/* clear test globals */
|
||
|
has_selection = 0;
|
||
|
imptypes_selection = 0;
|
||
|
+ exptypes_selection = 0;
|
||
|
query_id = 0;
|
||
|
|
||
|
- return keydata;
|
||
|
+ return key;
|
||
|
}
|
||
|
|
||
|
static void fake_rsa_keymgmt_free(void *keydata)
|
||
|
@@ -67,14 +77,104 @@ static const char *fake_rsa_keymgmt_query(int id)
|
||
|
static int fake_rsa_keymgmt_import(void *keydata, int selection,
|
||
|
const OSSL_PARAM *p)
|
||
|
{
|
||
|
- unsigned char *fake_rsa_key = keydata;
|
||
|
+ struct fake_rsa_keydata *fake_rsa_key = keydata;
|
||
|
|
||
|
/* key was imported */
|
||
|
- *fake_rsa_key = 1;
|
||
|
+ fake_rsa_key->status = 1;
|
||
|
|
||
|
return 1;
|
||
|
}
|
||
|
|
||
|
+static unsigned char fake_rsa_n[] =
|
||
|
+ "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
|
||
|
+ "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
|
||
|
+ "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
|
||
|
+ "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
|
||
|
+ "\xF5";
|
||
|
+
|
||
|
+static unsigned char fake_rsa_e[] = "\x11";
|
||
|
+
|
||
|
+static unsigned char fake_rsa_d[] =
|
||
|
+ "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
|
||
|
+ "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
|
||
|
+ "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
|
||
|
+ "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
|
||
|
+
|
||
|
+static unsigned char fake_rsa_p[] =
|
||
|
+ "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
|
||
|
+ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
|
||
|
+ "\x0D";
|
||
|
+
|
||
|
+static unsigned char fake_rsa_q[] =
|
||
|
+ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
|
||
|
+ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
|
||
|
+ "\x89";
|
||
|
+
|
||
|
+static unsigned char fake_rsa_dmp1[] =
|
||
|
+ "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
|
||
|
+ "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
|
||
|
+
|
||
|
+static unsigned char fake_rsa_dmq1[] =
|
||
|
+ "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
|
||
|
+ "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
|
||
|
+ "\x51";
|
||
|
+
|
||
|
+static unsigned char fake_rsa_iqmp[] =
|
||
|
+ "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
|
||
|
+ "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
|
||
|
+
|
||
|
+OSSL_PARAM *fake_rsa_key_params(int priv)
|
||
|
+{
|
||
|
+ if (priv) {
|
||
|
+ OSSL_PARAM params[] = {
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n,
|
||
|
+ sizeof(fake_rsa_n) -1),
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e,
|
||
|
+ sizeof(fake_rsa_e) -1),
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, fake_rsa_d,
|
||
|
+ sizeof(fake_rsa_d) -1),
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, fake_rsa_p,
|
||
|
+ sizeof(fake_rsa_p) -1),
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, fake_rsa_q,
|
||
|
+ sizeof(fake_rsa_q) -1),
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, fake_rsa_dmp1,
|
||
|
+ sizeof(fake_rsa_dmp1) -1),
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, fake_rsa_dmq1,
|
||
|
+ sizeof(fake_rsa_dmq1) -1),
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, fake_rsa_iqmp,
|
||
|
+ sizeof(fake_rsa_iqmp) -1),
|
||
|
+ OSSL_PARAM_END
|
||
|
+ };
|
||
|
+ return OSSL_PARAM_dup(params);
|
||
|
+ } else {
|
||
|
+ OSSL_PARAM params[] = {
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n,
|
||
|
+ sizeof(fake_rsa_n) -1),
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e,
|
||
|
+ sizeof(fake_rsa_e) -1),
|
||
|
+ OSSL_PARAM_END
|
||
|
+ };
|
||
|
+ return OSSL_PARAM_dup(params);
|
||
|
+ }
|
||
|
+}
|
||
|
+
|
||
|
+static int fake_rsa_keymgmt_export(void *keydata, int selection,
|
||
|
+ OSSL_CALLBACK *param_callback, void *cbarg)
|
||
|
+{
|
||
|
+ OSSL_PARAM *params = NULL;
|
||
|
+ int ret;
|
||
|
+
|
||
|
+ if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
|
||
|
+ return 0;
|
||
|
+
|
||
|
+ if (!TEST_ptr(params = fake_rsa_key_params(0)))
|
||
|
+ return 0;
|
||
|
+
|
||
|
+ ret = param_callback(params, cbarg);
|
||
|
+ OSSL_PARAM_free(params);
|
||
|
+ return ret;
|
||
|
+}
|
||
|
+
|
||
|
static const OSSL_PARAM fake_rsa_import_key_types[] = {
|
||
|
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
|
||
|
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
|
||
|
@@ -95,19 +195,33 @@ static const OSSL_PARAM *fake_rsa_keymgmt_imptypes(int selection)
|
||
|
return fake_rsa_import_key_types;
|
||
|
}
|
||
|
|
||
|
+static const OSSL_PARAM fake_rsa_export_key_types[] = {
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
|
||
|
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
|
||
|
+ OSSL_PARAM_END
|
||
|
+};
|
||
|
+
|
||
|
+static const OSSL_PARAM *fake_rsa_keymgmt_exptypes(int selection)
|
||
|
+{
|
||
|
+ /* record global for checking */
|
||
|
+ exptypes_selection = selection;
|
||
|
+
|
||
|
+ return fake_rsa_export_key_types;
|
||
|
+}
|
||
|
+
|
||
|
static void *fake_rsa_keymgmt_load(const void *reference, size_t reference_sz)
|
||
|
{
|
||
|
- unsigned char *key = NULL;
|
||
|
+ struct fake_rsa_keydata *key = NULL;
|
||
|
|
||
|
- if (reference_sz != sizeof(key))
|
||
|
+ if (reference_sz != sizeof(*key))
|
||
|
return NULL;
|
||
|
|
||
|
- key = *(unsigned char **)reference;
|
||
|
- if (*key != 1)
|
||
|
+ key = *(struct fake_rsa_keydata **)reference;
|
||
|
+ if (key->status != 1)
|
||
|
return NULL;
|
||
|
|
||
|
/* detach the reference */
|
||
|
- *(unsigned char **)reference = NULL;
|
||
|
+ *(struct fake_rsa_keydata **)reference = NULL;
|
||
|
|
||
|
return key;
|
||
|
}
|
||
|
@@ -129,7 +243,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
|
||
|
{
|
||
|
unsigned char *gctx = genctx;
|
||
|
static const unsigned char inited[] = { 1 };
|
||
|
- unsigned char *keydata;
|
||
|
+ struct fake_rsa_keydata *keydata;
|
||
|
|
||
|
if (!TEST_ptr(gctx)
|
||
|
|| !TEST_mem_eq(gctx, sizeof(*gctx), inited, sizeof(inited)))
|
||
|
@@ -138,7 +252,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
|
||
|
if (!TEST_ptr(keydata = fake_rsa_keymgmt_new(NULL)))
|
||
|
return NULL;
|
||
|
|
||
|
- *keydata = 2;
|
||
|
+ keydata->status = 2;
|
||
|
return keydata;
|
||
|
}
|
||
|
|
||
|
@@ -156,6 +270,9 @@ static const OSSL_DISPATCH fake_rsa_keymgmt_funcs[] = {
|
||
|
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))fake_rsa_keymgmt_import },
|
||
|
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES,
|
||
|
(void (*)(void))fake_rsa_keymgmt_imptypes },
|
||
|
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))fake_rsa_keymgmt_export },
|
||
|
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES,
|
||
|
+ (void (*)(void))fake_rsa_keymgmt_exptypes },
|
||
|
{ OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))fake_rsa_keymgmt_load },
|
||
|
{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))fake_rsa_gen_init },
|
||
|
{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))fake_rsa_gen },
|
||
|
@@ -191,14 +308,14 @@ static int fake_rsa_sig_sign_init(void *ctx, void *provkey,
|
||
|
const OSSL_PARAM params[])
|
||
|
{
|
||
|
unsigned char *sigctx = ctx;
|
||
|
- unsigned char *keydata = provkey;
|
||
|
+ struct fake_rsa_keydata *keydata = provkey;
|
||
|
|
||
|
/* we must have a ctx */
|
||
|
if (!TEST_ptr(sigctx))
|
||
|
return 0;
|
||
|
|
||
|
/* we must have some initialized key */
|
||
|
- if (!TEST_ptr(keydata) || !TEST_int_gt(keydata[0], 0))
|
||
|
+ if (!TEST_ptr(keydata) || !TEST_int_gt(keydata->status, 0))
|
||
|
return 0;
|
||
|
|
||
|
/* record that sign init was called */
|
||
|
@@ -289,7 +406,7 @@ static int fake_rsa_st_load(void *loaderctx,
|
||
|
unsigned char *storectx = loaderctx;
|
||
|
OSSL_PARAM params[4];
|
||
|
int object_type = OSSL_OBJECT_PKEY;
|
||
|
- void *key = NULL;
|
||
|
+ struct fake_rsa_keydata *key = NULL;
|
||
|
int rv = 0;
|
||
|
|
||
|
switch (*storectx) {
|
||
|
@@ -307,7 +424,7 @@ static int fake_rsa_st_load(void *loaderctx,
|
||
|
/* The address of the key becomes the octet string */
|
||
|
params[2] =
|
||
|
OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
|
||
|
- &key, sizeof(key));
|
||
|
+ &key, sizeof(*key));
|
||
|
params[3] = OSSL_PARAM_construct_end();
|
||
|
rv = object_cb(params, object_cbarg);
|
||
|
*storectx = 1;
|
||
|
diff --git a/test/fake_rsaprov.h b/test/fake_rsaprov.h
|
||
|
index 57de1ecf8d..190c46a285 100644
|
||
|
--- a/test/fake_rsaprov.h
|
||
|
+++ b/test/fake_rsaprov.h
|
||
|
@@ -12,3 +12,4 @@
|
||
|
/* Fake RSA provider implementation */
|
||
|
OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx);
|
||
|
void fake_rsa_finish(OSSL_PROVIDER *p);
|
||
|
+OSSL_PARAM *fake_rsa_key_params(int priv);
|
||
|
diff --git a/test/provider_pkey_test.c b/test/provider_pkey_test.c
|
||
|
index 5c398398f4..3b190baa5e 100644
|
||
|
--- a/test/provider_pkey_test.c
|
||
|
+++ b/test/provider_pkey_test.c
|
||
|
@@ -176,6 +176,67 @@ end:
|
||
|
return ret;
|
||
|
}
|
||
|
|
||
|
+static int test_pkey_eq(void)
|
||
|
+{
|
||
|
+ OSSL_PROVIDER *deflt = NULL;
|
||
|
+ OSSL_PROVIDER *fake_rsa = NULL;
|
||
|
+ EVP_PKEY *pkey_fake = NULL;
|
||
|
+ EVP_PKEY *pkey_dflt = NULL;
|
||
|
+ EVP_PKEY_CTX *ctx = NULL;
|
||
|
+ OSSL_PARAM *params = NULL;
|
||
|
+ int ret = 0;
|
||
|
+
|
||
|
+ if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
|
||
|
+ return 0;
|
||
|
+
|
||
|
+ if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default")))
|
||
|
+ goto end;
|
||
|
+
|
||
|
+ /* Construct a public key for fake-rsa */
|
||
|
+ if (!TEST_ptr(params = fake_rsa_key_params(0))
|
||
|
+ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
|
||
|
+ "provider=fake-rsa"))
|
||
|
+ || !TEST_true(EVP_PKEY_fromdata_init(ctx))
|
||
|
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY,
|
||
|
+ params))
|
||
|
+ || !TEST_ptr(pkey_fake))
|
||
|
+ goto end;
|
||
|
+
|
||
|
+ EVP_PKEY_CTX_free(ctx);
|
||
|
+ ctx = NULL;
|
||
|
+ OSSL_PARAM_free(params);
|
||
|
+ params = NULL;
|
||
|
+
|
||
|
+ /* Construct a public key for default */
|
||
|
+ if (!TEST_ptr(params = fake_rsa_key_params(0))
|
||
|
+ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
|
||
|
+ "provider=default"))
|
||
|
+ || !TEST_true(EVP_PKEY_fromdata_init(ctx))
|
||
|
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_dflt, EVP_PKEY_PUBLIC_KEY,
|
||
|
+ params))
|
||
|
+ || !TEST_ptr(pkey_dflt))
|
||
|
+ goto end;
|
||
|
+
|
||
|
+ EVP_PKEY_CTX_free(ctx);
|
||
|
+ ctx = NULL;
|
||
|
+ OSSL_PARAM_free(params);
|
||
|
+ params = NULL;
|
||
|
+
|
||
|
+ /* now test for equality */
|
||
|
+ if (!TEST_int_eq(EVP_PKEY_eq(pkey_fake, pkey_dflt), 1))
|
||
|
+ goto end;
|
||
|
+
|
||
|
+ ret = 1;
|
||
|
+end:
|
||
|
+ fake_rsa_finish(fake_rsa);
|
||
|
+ OSSL_PROVIDER_unload(deflt);
|
||
|
+ EVP_PKEY_CTX_free(ctx);
|
||
|
+ EVP_PKEY_free(pkey_fake);
|
||
|
+ EVP_PKEY_free(pkey_dflt);
|
||
|
+ OSSL_PARAM_free(params);
|
||
|
+ return ret;
|
||
|
+}
|
||
|
+
|
||
|
static int test_pkey_store(int idx)
|
||
|
{
|
||
|
OSSL_PROVIDER *deflt = NULL;
|
||
|
@@ -235,6 +296,7 @@ int setup_tests(void)
|
||
|
|
||
|
ADD_TEST(test_pkey_sig);
|
||
|
ADD_TEST(test_alternative_keygen_init);
|
||
|
+ ADD_TEST(test_pkey_eq);
|
||
|
ADD_ALL_TESTS(test_pkey_store, 2);
|
||
|
|
||
|
return 1;
|
||
|
--
|
||
|
2.38.1
|
||
|
|