author | Shane Lontis <shane.lontis@oracle.com> | 2020-11-20 19:14:14 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-12-11 10:53:19 +1000 |
commit | f0591559f6f4697768f516da11ba5557842191b0 (patch) | |
tree | b6aaa3bc26e82fd9ba75eecfc2ef3d7e13c96021 /test/evp_pkey_provided_test.c | |
parent | 1a683b80dc9ad4dcbf206a0617364a9d614a9883 (diff) | |
Add validate method to ECX keymanager
Fixes #11619
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13459)
Diffstat (limited to 'test/evp_pkey_provided_test.c')
-rw-r--r-- | test/evp_pkey_provided_test.c | 95 |
1 files changed, 75 insertions, 20 deletions
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index a5604b4fdf..a983d3b533 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -22,6 +22,11 @@ static char *datadir = NULL; +/* + * Do not change the order of the following defines unless you also + * update the for loop bounds used inside test_print_key_using_encoder() and + * test_print_key_using_encoder_public(). + */ #define PRIV_TEXT 0 #define PRIV_PEM 1 #define PRIV_DER 2 @@ -266,11 +271,25 @@ static int test_print_key_using_encoder(const char *alg, const EVP_PKEY *pk) int i; int ret = 1; - for (i = 0; i < 6; i++) + for (i = PRIV_TEXT; i <= PUB_DER; i++) + ret = ret && test_print_key_type_using_encoder(alg, i, pk); + + return ret; +} + +#ifndef OPENSSL_NO_EC +static int test_print_key_using_encoder_public(const char *alg, + const EVP_PKEY *pk) +{ + int i; + int ret = 1; + + for (i = PUB_TEXT; i <= PUB_DER; i++) ret = ret && test_print_key_type_using_encoder(alg, i, pk); return ret; } +#endif /* Array indexes used in test_fromdata_rsa */ #define N 0 @@ -709,15 +728,23 @@ err: # define ED25519_IDX 2 # define ED448_IDX 3 +/* + * tst uses indexes 0 ... (3 * 4 - 1) + * For the 4 ECX key types (X25519_IDX..ED448_IDX) + * 0..3 = public + private key. + * 4..7 = private key (This will generate the public key from the private key) + * 8..11 = public key + */ static int test_fromdata_ecx(int tst) { int ret = 0; - EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY_CTX *ctx = NULL, *ctx2 = NULL; EVP_PKEY *pk = NULL, *copy_pk = NULL; const char *alg = NULL; size_t len; unsigned char out_pub[ED448_KEYLEN]; unsigned char out_priv[ED448_KEYLEN]; + OSSL_PARAM params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; /* ED448_KEYLEN > X448_KEYLEN > X25519_KEYLEN == ED25519_KEYLEN */ static unsigned char key_numbers[4][2][ED448_KEYLEN] = { 
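Review bot: The index layout documented above `test_fromdata_ecx()` is encoded as bare literals throughout the rest of the commit, so the comment is the only thing tying them together: `tst & 3` in the switch, `tst > 3` / `tst > 7` for the mode, and `4 * 3` in `setup_tests()`. The mask in particular is correct only while the number of ECX key types is a power of two. Deriving both values once near the top of the function, e.g. `int keytype = tst % 4, mode = tst / 4;`, and comparing `mode` against named constants would keep the comment and the code from drifting apart. The function body continues outside this hunk.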
@@ -836,8 +863,9 @@ static int test_fromdata_ecx(int tst) }; OSSL_PARAM *fromdata_params = NULL; int bits = 0, security_bits = 0, size = 0; + OSSL_PARAM *orig_fromdata_params = NULL; - switch (tst) { + switch (tst & 3) { case X25519_IDX: fromdata_params = x25519_fromdata_params; bits = X25519_BITS; @@ -877,6 +905,17 @@ static int test_fromdata_ecx(int tst) if (!TEST_ptr(ctx)) goto err; + orig_fromdata_params = fromdata_params; + if (tst > 7) { + /* public key only */ + fromdata_params++; + } else if (tst > 3) { + /* private key only */ + params[0] = fromdata_params[0]; + params[1] = fromdata_params[2]; + fromdata_params = params; + } + if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx)) || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)) || !TEST_int_eq(EVP_PKEY_bits(pk), bits) 
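Review bot: In the private-key-only branch the entries are selected by bare position, `params[0] = fromdata_params[0]; params[1] = fromdata_params[2];`, while the read-back code later in this commit indexes the same arrays with `PRIV_KEY` and `PUB_KEY`. Writing `params[0] = fromdata_params[PRIV_KEY];` would make the intent explicit. If element 2 is the `OSSL_PARAM_END` terminator (the per-algorithm arrays are defined outside this hunk, so this is inferred), the second assignment is redundant because `params[]` is already initialised to `OSSL_PARAM_END`. The same applies to `fromdata_params++` in the public-only branch, which relies on the private key being the first entry; a short comment such as `/* skip the private key entry */` would record that assumption.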
@@ -884,32 +923,48 @@ static int test_fromdata_ecx(int tst) || !TEST_int_eq(EVP_PKEY_size(pk), size)) goto err; + if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, pk, NULL))) + goto err; + if (tst <= 7) { + if (!TEST_true(EVP_PKEY_check(ctx2))) + goto err; + if (!TEST_true(EVP_PKEY_get_octet_string_param( + pk, orig_fromdata_params[PRIV_KEY].key, + out_priv, sizeof(out_priv), &len)) + || !TEST_mem_eq(out_priv, len, + orig_fromdata_params[PRIV_KEY].data, + orig_fromdata_params[PRIV_KEY].data_size) + || !TEST_true(EVP_PKEY_get_octet_string_param( + pk, orig_fromdata_params[PUB_KEY].key, + out_pub, sizeof(out_pub), &len)) + || !TEST_mem_eq(out_pub, len, + orig_fromdata_params[PUB_KEY].data, + orig_fromdata_params[PUB_KEY].data_size)) + goto err; + } else { + /* The private key check should fail if there is only a public key */ + if (!TEST_true(EVP_PKEY_public_check(ctx2)) + || !TEST_false(EVP_PKEY_private_check(ctx2)) + || !TEST_false(EVP_PKEY_check(ctx2))) + goto err; + } + if (!TEST_ptr(copy_pk = EVP_PKEY_new()) /* This should succeed because there are no parameters to copy */ || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk))) goto err; - if (!TEST_true(EVP_PKEY_get_octet_string_param( - pk, fromdata_params[PRIV_KEY].key, - out_priv, sizeof(out_priv), &len)) - || !TEST_mem_eq(out_priv, len, - fromdata_params[PRIV_KEY].data, - fromdata_params[PRIV_KEY].data_size) - || !TEST_true(EVP_PKEY_get_octet_string_param( - pk, fromdata_params[PUB_KEY].key, - out_pub, sizeof(out_pub), &len)) - || !TEST_mem_eq(out_pub, len, - fromdata_params[PUB_KEY].data, - fromdata_params[PUB_KEY].data_size)) - goto err; - - ret = test_print_key_using_pem(alg, pk) - && test_print_key_using_encoder(alg, pk); + if (tst > 7) + ret = test_print_key_using_encoder_public(alg, pk); + else + ret = test_print_key_using_pem(alg, pk) + && test_print_key_using_encoder(alg, pk); err: EVP_PKEY_free(pk); EVP_PKEY_free(copy_pk); EVP_PKEY_CTX_free(ctx); + EVP_PKEY_CTX_free(ctx2); return ret; } 
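Review bot: The public-only `else` branch never reads the imported public key back, because the octet-string comparisons were moved under `tst <= 7`; for indexes 8..11 the test now passes even if `EVP_PKEY_fromdata()` stored different bytes than it was given. The fence below adds the public-key round-trip to that branch using the buffers the function already declares. Separately, every `EVP_PKEY_check()` assertion here uses a well-formed key, so nothing pins what the new validate method does with a public key that does not match its private key. If a pairwise check is intended (not visible from this file), a case for indexes 0..3 that alters one byte of the public key before import and expects `TEST_false(EVP_PKEY_check(ctx2))` would cover it.

```c
    } else {
        /* … unchanged: public_check / private_check / check assertions … */

        /* The imported public key must round-trip unchanged */
        if (!TEST_true(EVP_PKEY_get_octet_string_param(
                           pk, orig_fromdata_params[PUB_KEY].key,
                           out_pub, sizeof(out_pub), &len))
            || !TEST_mem_eq(out_pub, len,
                            orig_fromdata_params[PUB_KEY].data,
                            orig_fromdata_params[PUB_KEY].data_size))
            goto err;
    }
```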
@@ -1286,7 +1341,7 @@ int setup_tests(void)
 ADD_TEST(test_fromdata_dsa_fips186_4);
 #endif
 #ifndef OPENSSL_NO_EC
- ADD_ALL_TESTS(test_fromdata_ecx, 4);
+ ADD_ALL_TESTS(test_fromdata_ecx, 4 * 3);
 ADD_TEST(test_fromdata_ec);
 #endif
 return 1; |