openssl/0084-Add-test-for-EVP_PKEY_eq.patch

358 lines
12 KiB
Diff
Raw Normal View History

From e5202fbd461cb6c067874987998e91c6093e5267 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 11 Nov 2022 12:18:26 -0500
Subject: [PATCH 3/3] Add test for EVP_PKEY_eq
This tests that the comparison work even if a provider can only return
a public key.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19648)
diff --git a/test/fake_rsaprov.c b/test/fake_rsaprov.c
index d556551bb6..5e92e72d4b 100644
--- a/test/fake_rsaprov.c
+++ b/test/fake_rsaprov.c
@@ -22,24 +22,34 @@ static OSSL_FUNC_keymgmt_has_fn fake_rsa_keymgmt_has;
static OSSL_FUNC_keymgmt_query_operation_name_fn fake_rsa_keymgmt_query;
static OSSL_FUNC_keymgmt_import_fn fake_rsa_keymgmt_import;
static OSSL_FUNC_keymgmt_import_types_fn fake_rsa_keymgmt_imptypes;
+static OSSL_FUNC_keymgmt_export_fn fake_rsa_keymgmt_export;
+static OSSL_FUNC_keymgmt_export_types_fn fake_rsa_keymgmt_exptypes;
static OSSL_FUNC_keymgmt_load_fn fake_rsa_keymgmt_load;
static int has_selection;
static int imptypes_selection;
+static int exptypes_selection;
static int query_id;
+struct fake_rsa_keydata {
+ int selection;
+ int status;
+};
+
static void *fake_rsa_keymgmt_new(void *provctx)
{
- unsigned char *keydata = OPENSSL_zalloc(1);
+ struct fake_rsa_keydata *key;
- TEST_ptr(keydata);
+ if (!TEST_ptr(key = OPENSSL_zalloc(sizeof(struct fake_rsa_keydata))))
+ return NULL;
/* clear test globals */
has_selection = 0;
imptypes_selection = 0;
+ exptypes_selection = 0;
query_id = 0;
- return keydata;
+ return key;
}
static void fake_rsa_keymgmt_free(void *keydata)
@@ -67,14 +77,104 @@ static const char *fake_rsa_keymgmt_query(int id)
static int fake_rsa_keymgmt_import(void *keydata, int selection,
const OSSL_PARAM *p)
{
- unsigned char *fake_rsa_key = keydata;
+ struct fake_rsa_keydata *fake_rsa_key = keydata;
/* key was imported */
- *fake_rsa_key = 1;
+ fake_rsa_key->status = 1;
return 1;
}
+static unsigned char fake_rsa_n[] =
+ "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+ "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+ "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+ "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+ "\xF5";
+
+static unsigned char fake_rsa_e[] = "\x11";
+
+static unsigned char fake_rsa_d[] =
+ "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+ "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+ "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+ "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+static unsigned char fake_rsa_p[] =
+ "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+ "\x0D";
+
+static unsigned char fake_rsa_q[] =
+ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+ "\x89";
+
+static unsigned char fake_rsa_dmp1[] =
+ "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+ "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+static unsigned char fake_rsa_dmq1[] =
+ "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+ "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+ "\x51";
+
+static unsigned char fake_rsa_iqmp[] =
+ "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+ "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+OSSL_PARAM *fake_rsa_key_params(int priv)
+{
+ if (priv) {
+ OSSL_PARAM params[] = {
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n,
+ sizeof(fake_rsa_n) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e,
+ sizeof(fake_rsa_e) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, fake_rsa_d,
+ sizeof(fake_rsa_d) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, fake_rsa_p,
+ sizeof(fake_rsa_p) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, fake_rsa_q,
+ sizeof(fake_rsa_q) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, fake_rsa_dmp1,
+ sizeof(fake_rsa_dmp1) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, fake_rsa_dmq1,
+ sizeof(fake_rsa_dmq1) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, fake_rsa_iqmp,
+ sizeof(fake_rsa_iqmp) -1),
+ OSSL_PARAM_END
+ };
+ return OSSL_PARAM_dup(params);
+ } else {
+ OSSL_PARAM params[] = {
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n,
+ sizeof(fake_rsa_n) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e,
+ sizeof(fake_rsa_e) -1),
+ OSSL_PARAM_END
+ };
+ return OSSL_PARAM_dup(params);
+ }
+}
+
+static int fake_rsa_keymgmt_export(void *keydata, int selection,
+ OSSL_CALLBACK *param_callback, void *cbarg)
+{
+ OSSL_PARAM *params = NULL;
+ int ret;
+
+ if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
+ return 0;
+
+ if (!TEST_ptr(params = fake_rsa_key_params(0)))
+ return 0;
+
+ ret = param_callback(params, cbarg);
+ OSSL_PARAM_free(params);
+ return ret;
+}
+
static const OSSL_PARAM fake_rsa_import_key_types[] = {
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
@@ -95,19 +195,33 @@ static const OSSL_PARAM *fake_rsa_keymgmt_imptypes(int selection)
return fake_rsa_import_key_types;
}
+static const OSSL_PARAM fake_rsa_export_key_types[] = {
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *fake_rsa_keymgmt_exptypes(int selection)
+{
+ /* record global for checking */
+ exptypes_selection = selection;
+
+ return fake_rsa_export_key_types;
+}
+
static void *fake_rsa_keymgmt_load(const void *reference, size_t reference_sz)
{
- unsigned char *key = NULL;
+ struct fake_rsa_keydata *key = NULL;
- if (reference_sz != sizeof(key))
+ if (reference_sz != sizeof(*key))
return NULL;
- key = *(unsigned char **)reference;
- if (*key != 1)
+ key = *(struct fake_rsa_keydata **)reference;
+ if (key->status != 1)
return NULL;
/* detach the reference */
- *(unsigned char **)reference = NULL;
+ *(struct fake_rsa_keydata **)reference = NULL;
return key;
}
@@ -129,7 +243,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
{
unsigned char *gctx = genctx;
static const unsigned char inited[] = { 1 };
- unsigned char *keydata;
+ struct fake_rsa_keydata *keydata;
if (!TEST_ptr(gctx)
|| !TEST_mem_eq(gctx, sizeof(*gctx), inited, sizeof(inited)))
@@ -138,7 +252,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (!TEST_ptr(keydata = fake_rsa_keymgmt_new(NULL)))
return NULL;
- *keydata = 2;
+ keydata->status = 2;
return keydata;
}
@@ -156,6 +270,9 @@ static const OSSL_DISPATCH fake_rsa_keymgmt_funcs[] = {
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))fake_rsa_keymgmt_import },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES,
(void (*)(void))fake_rsa_keymgmt_imptypes },
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))fake_rsa_keymgmt_export },
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES,
+ (void (*)(void))fake_rsa_keymgmt_exptypes },
{ OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))fake_rsa_keymgmt_load },
{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))fake_rsa_gen_init },
{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))fake_rsa_gen },
@@ -191,14 +308,14 @@ static int fake_rsa_sig_sign_init(void *ctx, void *provkey,
const OSSL_PARAM params[])
{
unsigned char *sigctx = ctx;
- unsigned char *keydata = provkey;
+ struct fake_rsa_keydata *keydata = provkey;
/* we must have a ctx */
if (!TEST_ptr(sigctx))
return 0;
/* we must have some initialized key */
- if (!TEST_ptr(keydata) || !TEST_int_gt(keydata[0], 0))
+ if (!TEST_ptr(keydata) || !TEST_int_gt(keydata->status, 0))
return 0;
/* record that sign init was called */
@@ -289,7 +406,7 @@ static int fake_rsa_st_load(void *loaderctx,
unsigned char *storectx = loaderctx;
OSSL_PARAM params[4];
int object_type = OSSL_OBJECT_PKEY;
- void *key = NULL;
+ struct fake_rsa_keydata *key = NULL;
int rv = 0;
switch (*storectx) {
@@ -307,7 +424,7 @@ static int fake_rsa_st_load(void *loaderctx,
/* The address of the key becomes the octet string */
params[2] =
OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
- &key, sizeof(key));
+ &key, sizeof(*key));
params[3] = OSSL_PARAM_construct_end();
rv = object_cb(params, object_cbarg);
*storectx = 1;
diff --git a/test/fake_rsaprov.h b/test/fake_rsaprov.h
index 57de1ecf8d..190c46a285 100644
--- a/test/fake_rsaprov.h
+++ b/test/fake_rsaprov.h
@@ -12,3 +12,4 @@
/* Fake RSA provider implementation */
OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx);
void fake_rsa_finish(OSSL_PROVIDER *p);
+OSSL_PARAM *fake_rsa_key_params(int priv);
diff --git a/test/provider_pkey_test.c b/test/provider_pkey_test.c
index 5c398398f4..3b190baa5e 100644
--- a/test/provider_pkey_test.c
+++ b/test/provider_pkey_test.c
@@ -176,6 +176,67 @@ end:
return ret;
}
+static int test_pkey_eq(void)
+{
+ OSSL_PROVIDER *deflt = NULL;
+ OSSL_PROVIDER *fake_rsa = NULL;
+ EVP_PKEY *pkey_fake = NULL;
+ EVP_PKEY *pkey_dflt = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ OSSL_PARAM *params = NULL;
+ int ret = 0;
+
+ if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
+ return 0;
+
+ if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default")))
+ goto end;
+
+ /* Construct a public key for fake-rsa */
+ if (!TEST_ptr(params = fake_rsa_key_params(0))
+ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
+ "provider=fake-rsa"))
+ || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY,
+ params))
+ || !TEST_ptr(pkey_fake))
+ goto end;
+
+ EVP_PKEY_CTX_free(ctx);
+ ctx = NULL;
+ OSSL_PARAM_free(params);
+ params = NULL;
+
+ /* Construct a public key for default */
+ if (!TEST_ptr(params = fake_rsa_key_params(0))
+ || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
+ "provider=default"))
+ || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+ || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_dflt, EVP_PKEY_PUBLIC_KEY,
+ params))
+ || !TEST_ptr(pkey_dflt))
+ goto end;
+
+ EVP_PKEY_CTX_free(ctx);
+ ctx = NULL;
+ OSSL_PARAM_free(params);
+ params = NULL;
+
+ /* now test for equality */
+ if (!TEST_int_eq(EVP_PKEY_eq(pkey_fake, pkey_dflt), 1))
+ goto end;
+
+ ret = 1;
+end:
+ fake_rsa_finish(fake_rsa);
+ OSSL_PROVIDER_unload(deflt);
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_free(pkey_fake);
+ EVP_PKEY_free(pkey_dflt);
+ OSSL_PARAM_free(params);
+ return ret;
+}
+
static int test_pkey_store(int idx)
{
OSSL_PROVIDER *deflt = NULL;
@@ -235,6 +296,7 @@ int setup_tests(void)
ADD_TEST(test_pkey_sig);
ADD_TEST(test_alternative_keygen_init);
+ ADD_TEST(test_pkey_eq);
ADD_ALL_TESTS(test_pkey_store, 2);
return 1;
--
2.38.1