mirror of
https://github.com/openssl/openssl.git
synced 2024-12-09 05:51:54 +08:00
81a624f2c2
This is for the case where we build keys from user data Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10778)
207 lines
6.8 KiB
C
207 lines
6.8 KiB
C
/*
|
|
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/evp.h>
|
|
#include <openssl/pem.h>
|
|
#include <openssl/serializer.h>
|
|
#include <openssl/provider.h>
|
|
#include <openssl/params.h>
|
|
#include <openssl/core_names.h>
|
|
#include "internal/nelem.h"
|
|
#include "crypto/evp.h" /* For the internal API */
|
|
#include "testutil.h"
|
|
|
|
static int test_print_key_using_pem(const EVP_PKEY *pk)
|
|
{
|
|
if (!TEST_true(EVP_PKEY_print_private(bio_out, pk, 0, NULL))
|
|
/* Public key in PEM form */
|
|
|| !TEST_true(PEM_write_bio_PUBKEY(bio_out, pk))
|
|
/* Unencrypted private key in PEM form */
|
|
|| !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk,
|
|
NULL, NULL, 0, NULL, NULL))
|
|
/* Encrypted private key in PEM form */
|
|
|| !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(),
|
|
(unsigned char *)"pass", 4,
|
|
NULL, NULL)))
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int test_print_key_using_serializer(const EVP_PKEY *pk)
|
|
{
|
|
const char *pq = OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ;
|
|
OSSL_SERIALIZER_CTX *ctx = NULL;
|
|
int ret = 1;
|
|
|
|
/* Make a context, it's valid for several prints */
|
|
TEST_note("Setting up a OSSL_SERIALIZER context with passphrase");
|
|
if (!TEST_ptr(ctx = OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(pk, pq))
|
|
/* Check that this operation is supported */
|
|
|| !TEST_ptr(OSSL_SERIALIZER_CTX_get_serializer(ctx))
|
|
/* Set a passphrase to be used later */
|
|
|| !TEST_true(OSSL_SERIALIZER_CTX_set_passphrase(ctx,
|
|
(unsigned char *)"pass",
|
|
4)))
|
|
goto err;
|
|
|
|
/* Use no cipher. This should give us an unencrypted PEM */
|
|
TEST_note("Displaying PEM with no encryption");
|
|
if (!TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
|
|
ret = 0;
|
|
|
|
/* Use a valid cipher name */
|
|
TEST_note("Displaying PEM encrypted with AES-256-CBC");
|
|
if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
|
|
|| !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
|
|
ret = 0;
|
|
|
|
/* Use an invalid cipher name, which should generate no output */
|
|
TEST_note("NOT Displaying PEM encrypted with (invalid) FOO");
|
|
if (!TEST_false(OSSL_SERIALIZER_CTX_set_cipher(ctx, "FOO", NULL))
|
|
|| !TEST_false(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
|
|
ret = 0;
|
|
|
|
/* Clear the cipher. This should give us an unencrypted PEM again */
|
|
TEST_note("Displaying PEM with encryption cleared (no encryption)");
|
|
if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, NULL, NULL))
|
|
|| !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out)))
|
|
ret = 0;
|
|
|
|
err:
|
|
OSSL_SERIALIZER_CTX_free(ctx);
|
|
return ret;
|
|
}
|
|
|
|
/* Array indexes used in test_fromdata_rsa */
|
|
#define N 0
|
|
#define E 1
|
|
#define D 2
|
|
#define P 3
|
|
#define Q 4
|
|
#define DP 5
|
|
#define DQ 6
|
|
#define QINV 7
|
|
|
|
static int test_fromdata_rsa(void)
|
|
{
|
|
int ret = 0;
|
|
EVP_PKEY_CTX *ctx = NULL;
|
|
EVP_PKEY *pk = NULL;
|
|
/*
|
|
* 32-bit RSA key, extracted from this command,
|
|
* executed with OpenSSL 1.0.2:
|
|
*
|
|
* openssl genrsa 32 | openssl rsa -text
|
|
*/
|
|
static unsigned long key_numbers[] = {
|
|
0xbc747fc5, /* N */
|
|
0x10001, /* E */
|
|
0x7b133399, /* D */
|
|
0xe963, /* P */
|
|
0xceb7, /* Q */
|
|
0x8599, /* DP */
|
|
0xbd87, /* DQ */
|
|
0xcc3b, /* QINV */
|
|
};
|
|
OSSL_PARAM fromdata_params[] = {
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_N, &key_numbers[N]),
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_E, &key_numbers[E]),
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_D, &key_numbers[D]),
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[P]),
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_FACTOR, &key_numbers[Q]),
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DP]),
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_EXPONENT, &key_numbers[DQ]),
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_RSA_COEFFICIENT, &key_numbers[QINV]),
|
|
OSSL_PARAM_END
|
|
};
|
|
|
|
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL)))
|
|
goto err;
|
|
|
|
if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
|
|
|| !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
|
|
|| !TEST_int_eq(EVP_PKEY_bits(pk), 32)
|
|
|| !TEST_int_eq(EVP_PKEY_security_bits(pk), 8)
|
|
|| !TEST_int_eq(EVP_PKEY_size(pk), 4))
|
|
goto err;
|
|
|
|
ret = test_print_key_using_pem(pk)
|
|
| test_print_key_using_serializer(pk);
|
|
|
|
err:
|
|
EVP_PKEY_free(pk);
|
|
EVP_PKEY_CTX_free(ctx);
|
|
|
|
return ret;
|
|
}
|
|
|
|
#ifndef OPENSSL_NO_DH
|
|
/* Array indexes used in test_fromdata_dh */
|
|
#define PRIV_KEY 0
|
|
#define PUB_KEY 1
|
|
#define FFC_P 2
|
|
#define FFC_G 3
|
|
|
|
static int test_fromdata_dh(void)
|
|
{
|
|
int ret = 0;
|
|
EVP_PKEY_CTX *ctx = NULL;
|
|
EVP_PKEY *pk = NULL;
|
|
/*
|
|
* 32-bit DH key, extracted from this command,
|
|
* executed with OpenSSL 1.0.2:
|
|
*
|
|
* openssl dhparam -out dhp.pem 32
|
|
* openssl genpkey -paramfile dhp.pem | openssl pkey -text
|
|
*/
|
|
static unsigned long key_numbers[] = {
|
|
0x666c2b06, /* priv-key */
|
|
0x6fa6de50, /* pub-key */
|
|
0x8bb45f53, /* P */
|
|
0x2, /* G */
|
|
};
|
|
OSSL_PARAM fromdata_params[] = {
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PRIV_KEY, &key_numbers[PRIV_KEY]),
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PUB_KEY, &key_numbers[PUB_KEY]),
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_P, &key_numbers[FFC_P]),
|
|
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_G, &key_numbers[FFC_G]),
|
|
OSSL_PARAM_END
|
|
};
|
|
|
|
if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL)))
|
|
goto err;
|
|
|
|
if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx))
|
|
|| !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params))
|
|
|| !TEST_int_eq(EVP_PKEY_bits(pk), 32)
|
|
|| !TEST_int_eq(EVP_PKEY_security_bits(pk), 0) /* Missing Q */
|
|
|| !TEST_int_eq(EVP_PKEY_size(pk), 4))
|
|
goto err;
|
|
|
|
ret = test_print_key_using_pem(pk)
|
|
| test_print_key_using_serializer(pk);
|
|
|
|
err:
|
|
EVP_PKEY_free(pk);
|
|
EVP_PKEY_CTX_free(ctx);
|
|
|
|
return ret;
|
|
}
|
|
#endif
|
|
|
|
int setup_tests(void)
|
|
{
|
|
ADD_TEST(test_fromdata_rsa);
|
|
#ifndef OPENSSL_NO_DH
|
|
ADD_TEST(test_fromdata_dh);
|
|
#endif
|
|
return 1;
|
|
}
|