authorDavid Makepeace <david.p.makepeace@oracle.com>2018-06-21 23:16:18 +0200
committerRichard Levitte <levitte@openssl.org>2019-02-13 12:11:49 +0100
commit5a285addbf39f91d567f95f04b2b41764127950d (patch)
tree4cdf512d4217da5b6b959552a20a33b6a23a9aaa /test/evp_test.c
parentSparse array limit testing: reduce the range limit for the number of bits (diff)
Added new EVP/KDF API.
Changed PKEY/KDF API to call the new API. Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs. Documentation updated. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6674)
Diffstat (limited to 'test/evp_test.c')
-rw-r--r--test/evp_test.c152
1 files changed, 142 insertions, 10 deletions
diff --git a/test/evp_test.c b/test/evp_test.c
index 49d254dc2b..cad580e10c 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1892,13 +1892,14 @@ static const EVP_TEST_METHOD encode_test_method = {
encode_test_run,
};
+
/**
*** KDF TESTS
**/
typedef struct kdf_data_st {
/* Context for this operation */
- EVP_PKEY_CTX *ctx;
+ EVP_KDF_CTX *ctx;
/* Expected output */
unsigned char *output;
size_t output_len;
@@ -1925,16 +1926,11 @@ static int kdf_test_init(EVP_TEST *t, const char *name)
if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
return 0;
- kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL);
+ kdata->ctx = EVP_KDF_CTX_new_id(kdf_nid);
if (kdata->ctx == NULL) {
OPENSSL_free(kdata);
return 0;
}
- if (EVP_PKEY_derive_init(kdata->ctx) <= 0) {
- EVP_PKEY_CTX_free(kdata->ctx);
- OPENSSL_free(kdata);
- return 0;
- }
t->data = kdata;
return 1;
}
@@ -1943,7 +1939,42 @@ static void kdf_test_cleanup(EVP_TEST *t)
{
KDF_DATA *kdata = t->data;
OPENSSL_free(kdata->output);
- EVP_PKEY_CTX_free(kdata->ctx);
+ EVP_KDF_CTX_free(kdata->ctx);
+}
+
+static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
+ const char *value)
+{
+ int rv;
+ char *p, *tmpval;
+
+ if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
+ return 0;
+ p = strchr(tmpval, ':');
+ if (p != NULL)
+ *p++ = '\0';
+ rv = EVP_KDF_ctrl_str(kctx, tmpval, p);
+ if (rv == -2) {
+ t->err = "KDF_CTRL_INVALID";
+ rv = 1;
+ } else if (p != NULL && rv <= 0) {
+ /* If p has an OID and lookup fails assume disabled algorithm */
+ int nid = OBJ_sn2nid(p);
+
+ if (nid == NID_undef)
+ nid = OBJ_ln2nid(p);
+ if (nid != NID_undef
+ && EVP_get_digestbynid(nid) == NULL
+ && EVP_get_cipherbynid(nid) == NULL) {
+ t->skip = 1;
+ rv = 1;
+ } else {
+ t->err = "KDF_CTRL_ERROR";
+ rv = 1;
+ }
+ }
+ OPENSSL_free(tmpval);
+ return rv > 0;
}
static int kdf_test_parse(EVP_TEST *t,
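Review bot: In `kdf_test_ctrl`, a `Ctrl` value with no ':' leaves `p` NULL, and that NULL is handed to `EVP_KDF_ctrl_str` as the value. If the call then returns 0 or -1, neither branch runs and the function returns 0 without setting `t->err`, so the stanza fails as a plain parse error with no KDF-specific reason. If a missing value is never legitimate for a KDF control (the ctrl implementations are not visible here), reject it before the call, e.g. `if (p == NULL) { t->err = "KDF_CTRL_INVALID"; OPENSSL_free(tmpval); return 1; }`. The function also lacks a header comment; one stating that it returns 1 whenever the line was consumed (including the skip and `t->err` cases) and 0 only on allocation failure or an unclassified ctrl failure would explain the `rv = 1` assignments in the error branches.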
@@ -1954,7 +1985,7 @@ static int kdf_test_parse(EVP_TEST *t,
if (strcmp(keyword, "Output") == 0)
return parse_bin(value, &kdata->output, &kdata->output_len);
if (strncmp(keyword, "Ctrl", 4) == 0)
- return pkey_test_ctrl(t, kdata->ctx, value);
+ return kdf_test_ctrl(t, kdata->ctx, value);
return 0;
}
@@ -1968,7 +1999,7 @@ static int kdf_test_run(EVP_TEST *t)
t->err = "INTERNAL_ERROR";
goto err;
}
- if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
+ if (EVP_KDF_derive(expected->ctx, got, got_len) <= 0) {
t->err = "KDF_DERIVE_ERROR";
goto err;
}
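Review bot: `got_len` is now passed to `EVP_KDF_derive` by value, so after the call it still equals `expected->output_len`. Any length check in the comparison that follows can therefore no longer fail, and only the byte-for-byte content check is meaningful; that comparison is outside this hunk, in the rest of `kdf_test_run`. A short comment at the call would record the change in contract, e.g. `/* EVP_KDF_derive() is told how many bytes to produce; it does not report a length back */`.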
@@ -1994,6 +2025,106 @@ static const EVP_TEST_METHOD kdf_test_method = {
/**
+*** PKEY KDF TESTS
+**/
+
+typedef struct pkey_kdf_data_st {
+ /* Context for this operation */
+ EVP_PKEY_CTX *ctx;
+ /* Expected output */
+ unsigned char *output;
+ size_t output_len;
+} PKEY_KDF_DATA;
+
+/*
+ * Perform public key operation setup: lookup key, allocated ctx and call
+ * the appropriate initialisation function
+ */
+static int pkey_kdf_test_init(EVP_TEST *t, const char *name)
+{
+ PKEY_KDF_DATA *kdata;
+ int kdf_nid = OBJ_sn2nid(name);
+
+#ifdef OPENSSL_NO_SCRYPT
+ if (strcmp(name, "scrypt") == 0) {
+ t->skip = 1;
+ return 1;
+ }
+#endif
+
+ if (kdf_nid == NID_undef)
+ kdf_nid = OBJ_ln2nid(name);
+
+ if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata))))
+ return 0;
+ kdata->ctx = EVP_PKEY_CTX_new_id(kdf_nid, NULL);
+ if (kdata->ctx == NULL) {
+ OPENSSL_free(kdata);
+ return 0;
+ }
+ if (EVP_PKEY_derive_init(kdata->ctx) <= 0) {
+ EVP_PKEY_CTX_free(kdata->ctx);
+ OPENSSL_free(kdata);
+ return 0;
+ }
+ t->data = kdata;
+ return 1;
+}
+
+static void pkey_kdf_test_cleanup(EVP_TEST *t)
+{
+ PKEY_KDF_DATA *kdata = t->data;
+ OPENSSL_free(kdata->output);
+ EVP_PKEY_CTX_free(kdata->ctx);
+}
+
+static int pkey_kdf_test_parse(EVP_TEST *t,
+ const char *keyword, const char *value)
+{
+ PKEY_KDF_DATA *kdata = t->data;
+
+ if (strcmp(keyword, "Output") == 0)
+ return parse_bin(value, &kdata->output, &kdata->output_len);
+ if (strncmp(keyword, "Ctrl", 4) == 0)
+ return pkey_test_ctrl(t, kdata->ctx, value);
+ return 0;
+}
+
+static int pkey_kdf_test_run(EVP_TEST *t)
+{
+ PKEY_KDF_DATA *expected = t->data;
+ unsigned char *got = NULL;
+ size_t got_len = expected->output_len;
+
+ if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
+ t->err = "INTERNAL_ERROR";
+ goto err;
+ }
+ if (EVP_PKEY_derive(expected->ctx, got, &got_len) <= 0) {
+ t->err = "KDF_DERIVE_ERROR";
+ goto err;
+ }
+ if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
+ t->err = "KDF_MISMATCH";
+ goto err;
+ }
+ t->err = NULL;
+
+ err:
+ OPENSSL_free(got);
+ return 1;
+}
+
+static const EVP_TEST_METHOD pkey_kdf_test_method = {
+ "PKEYKDF",
+ pkey_kdf_test_init,
+ pkey_kdf_test_cleanup,
+ pkey_kdf_test_parse,
+ pkey_kdf_test_run
+};
+
+
+/**
*** KEYPAIR TESTS
**/
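Review bot: The comment above `pkey_kdf_test_init` says it will "lookup key", but the function looks up no key: it resolves `name` to a NID, allocates the context with `EVP_PKEY_CTX_new_id(kdf_nid, NULL)` and calls `EVP_PKEY_derive_init`. Suggest rewording it to `/* Set up a KDF driven through the EVP_PKEY API: map the name to a NID, allocate the ctx and call EVP_PKEY_derive_init() */`. The comment could also note that an unrecognised name leaves `kdf_nid` as `NID_undef`, which is passed straight to `EVP_PKEY_CTX_new_id`. In that case init returns 0 without setting `t->err`, so the harness presumably reports a generic failure rather than an unknown-KDF one.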
@@ -2497,6 +2628,7 @@ static const EVP_TEST_METHOD *evp_test_list[] = {
&digestverify_test_method,
&encode_test_method,
&kdf_test_method,
+ &pkey_kdf_test_method,
&keypair_test_method,
&keygen_test_method,
&mac_test_method,