author | Shane Lontis <shane.lontis@oracle.com> | 2020-02-16 10:54:08 +0100 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-03-03 22:48:45 +0100 |
commit | f552d900459cbacd82433b688b237cd6870663cd (patch) | |
tree | 8fca1cf5a0274525e750cf74e890a3ac7f7eb671 /test | |
parent | Correct two small documentation issues (diff) | |
Add Serializers for EC
Provide EC serializers for text, pem and der.
EC parameters use an ASN1 'CHOICE', which means they are more deeply embedded than the parameters used by
other KEY types (which normally have a SEQUENCE at the top level).
For this reason the ASN1_STRING type that was being passed around has been changed to a void so that the
code can still be shared with EC.
The EC serializer only supports named curves currently.
NOTE the serializer code assumes PKCS8 format - if the older encode methods are needed they will need to be
added in another PR. (Probably when deserialization is considered).
EVP_PKEY_key_fromdata_init was changed from using a keypair selection to all bits of a key. A side effect of this was
that the very restrictive checks in the ecx code needed to be relaxed as it was assuming all selection flags were non
optional. As this is not the case for any other key the code has been modified.
Fixed a bug in legacy_ctrl_str_to_params() - "ecdh_cofactor_mode" was being incorrectly converted to the wrong keyname.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11107)
Diffstat (limited to 'test')
-rw-r--r-- | test/build.info | 2 | ||||
-rw-r--r-- | test/evp_pkey_provided_test.c | 90 | ||||
-rw-r--r-- | test/recipes/30-test_evp_pkey_provided.t | 3 | ||||
-rw-r--r-- | test/recipes/30-test_evp_pkey_provided/EC.priv.der | bin | 0 -> 138 bytes | |||
-rw-r--r-- | test/recipes/30-test_evp_pkey_provided/EC.priv.pem | 5 | ||||
-rw-r--r-- | test/recipes/30-test_evp_pkey_provided/EC.priv.txt | 13 | ||||
-rw-r--r-- | test/recipes/30-test_evp_pkey_provided/EC.pub.der | bin | 0 -> 91 bytes | |||
-rw-r--r-- | test/recipes/30-test_evp_pkey_provided/EC.pub.pem | 4 | ||||
-rw-r--r-- | test/recipes/30-test_evp_pkey_provided/EC.pub.txt | 9 |
9 files changed, 111 insertions, 15 deletions
diff --git a/test/build.info b/test/build.info index 5965616d80..ea350e5d6a 100644 --- a/test/build.info +++ b/test/build.info @@ -144,7 +144,7 @@ IF[{- !$disabled{tests} -}] SOURCE[evp_pkey_provided_test]=evp_pkey_provided_test.c INCLUDE[evp_pkey_provided_test]=../include ../apps/include - DEPEND[evp_pkey_provided_test]=../libcrypto libtestutil.a + DEPEND[evp_pkey_provided_test]=../libcrypto.a libtestutil.a IF[{- !$disabled{'deprecated-3.0'} -}] PROGRAMS{noinst}=igetest bftest casttest diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index c161698505..6f7f3986e9 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,7 @@ #include <openssl/core_names.h> #include "crypto/ecx.h" #include "internal/nelem.h" +#include "internal/param_build.h" #include "crypto/evp.h" /* For the internal API */ #include "testutil.h" @@ -155,7 +156,7 @@ static int test_print_key_type_using_serializer(const char *alg, int type, const char *pq; OSSL_SERIALIZER_CTX *ctx = NULL; BIO *membio = BIO_new(BIO_s_mem()); - int ret = 1; + int ret = 0; switch (type) { case PRIV_TEXT: @@ -187,10 +188,8 @@ static int test_print_key_type_using_serializer(const char *alg, int type, goto err; } - if (!TEST_ptr(membio)) { - ret = 0; + if (!TEST_ptr(membio)) goto err; - } /* Make a context, it's valid for several prints */ TEST_note("Setting up a OSSL_SERIALIZER context with passphrase"); 
@@ -203,7 +202,7 @@ static int test_print_key_type_using_serializer(const char *alg, int type, TEST_note("Testing with no encryption"); if (!TEST_true(OSSL_SERIALIZER_to_bio(ctx, membio)) || !TEST_true(compare_with_file(alg, type, membio))) - ret = 0; + goto err; if (type == PRIV_PEM) { /* Set a passphrase to be used later */ @@ -216,22 +215,22 @@ static int test_print_key_type_using_serializer(const char *alg, int type, TEST_note("Displaying PEM encrypted with AES-256-CBC"); if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, "AES-256-CBC", NULL)) || !TEST_true(OSSL_SERIALIZER_to_bio(ctx, bio_out))) - ret = 0; + goto err; /* Use an invalid cipher name, which should generate no output */ TEST_note("NOT Displaying PEM encrypted with (invalid) FOO"); if (!TEST_false(OSSL_SERIALIZER_CTX_set_cipher(ctx, "FOO", NULL)) || !TEST_false(OSSL_SERIALIZER_to_bio(ctx, bio_out))) - ret = 0; + goto err; /* Clear the cipher. This should give us an unencrypted PEM again */ TEST_note("Testing with encryption cleared (no encryption)"); if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, NULL, NULL)) || !TEST_true(OSSL_SERIALIZER_to_bio(ctx, membio)) || !TEST_true(compare_with_file(alg, type, membio))) - ret = 0; + goto err; } - + ret = 1; err: BIO_free(membio); OSSL_SERIALIZER_CTX_free(ctx); 
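Review bot: The AES-256-CBC step in the `@@ -216,22 +215,22 @@` hunk only asserts that `OSSL_SERIALIZER_to_bio(ctx, bio_out)` succeeds and, unlike the unencrypted steps, never inspects the output. A serializer that ignored the cipher and wrote the private key in the clear would therefore still pass. Since the commit is already reworking these checks to `goto err`, consider serializing into a memory BIO and asserting that the PEM header is the encrypted PKCS#8 one (presumably `ENCRYPTED PRIVATE KEY`; confirm against the serializer). The function starts outside this hunk, so the new locals in the sketch would be declared at its top and `encbio` released next to `BIO_free(membio)` at `err:`.

```c
    static const char enc_hdr[] = "-----BEGIN ENCRYPTED PRIVATE KEY-----";

    /* … unchanged: TEST_note and the passphrase setup … */
    if (!TEST_true(OSSL_SERIALIZER_CTX_set_cipher(ctx, "AES-256-CBC", NULL))
        || !TEST_ptr(encbio = BIO_new(BIO_s_mem()))
        || !TEST_true(OSSL_SERIALIZER_to_bio(ctx, encbio))
        || !TEST_long_ge(enclen = BIO_get_mem_data(encbio, &encdata),
                         (long)sizeof(enc_hdr) - 1)
        || !TEST_mem_eq(encdata, sizeof(enc_hdr) - 1,
                        enc_hdr, sizeof(enc_hdr) - 1))
        goto err;
    /* … unchanged: invalid-cipher and cipher-cleared checks … */
```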
@@ -479,13 +478,79 @@ static int test_fromdata_ecx(int tst) ret = test_print_key_using_pem(alg, pk) && test_print_key_using_serializer(alg, pk); - err: +err: EVP_PKEY_free(pk); EVP_PKEY_CTX_free(ctx); return ret; } -#endif + +static int test_fromdata_ec(void) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *pk = NULL; + OSSL_PARAM_BLD bld; + BIGNUM *ec_priv_bn = NULL; + OSSL_PARAM *fromdata_params = NULL; + const char *alg = "EC"; + static const unsigned char ec_pub_keydata[] = { + 0x04, + 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63, + 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d, + 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73, + 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2, + 0x80, 0xec, 0xe9, 0xa7, 0x08, 0x29, 0x71, 0x2f, + 0xc9, 0x56, 0x82, 0xee, 0x9a, 0x85, 0x0f, 0x6d, + 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf, + 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29 + }; + static const unsigned char ec_priv_keydata[] = { + 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03, + 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59, + 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e, + 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad + }; + + ossl_param_bld_init(&bld); + + if (!TEST_ptr(ec_priv_bn = BN_bin2bn(ec_priv_keydata, + sizeof(ec_priv_keydata), NULL))) + goto err; + + if (ossl_param_bld_push_utf8_string(&bld, OSSL_PKEY_PARAM_EC_NAME, + "prime256v1", 0) <= 0) + goto err; + if (ossl_param_bld_push_octet_string(&bld, OSSL_PKEY_PARAM_PUB_KEY, + ec_pub_keydata, + sizeof(ec_pub_keydata)) <= 0) + goto err; + if (ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0) + goto err; + if (!TEST_ptr(fromdata_params = ossl_param_bld_to_param(&bld))) + goto err; + ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL); + if (!TEST_ptr(ctx)) + goto err; + + if (!TEST_true(EVP_PKEY_key_fromdata_init(ctx)) + || !TEST_true(EVP_PKEY_fromdata(ctx, &pk, fromdata_params)) + || !TEST_int_eq(EVP_PKEY_bits(pk), 256) + || !TEST_int_eq(EVP_PKEY_security_bits(pk), 128) 
+ || !TEST_int_eq(EVP_PKEY_size(pk), 2 + 35 * 2)) + goto err; + + ret = test_print_key_using_pem(alg, pk) + && test_print_key_using_serializer(alg, pk); +err: + BN_free(ec_priv_bn); + ossl_param_bld_free(fromdata_params); + EVP_PKEY_free(pk); + EVP_PKEY_CTX_free(ctx); + return ret; +} + +#endif /* OPENSSL_NO_EC */ int setup_tests(void) @@ -504,6 +569,7 @@ int setup_tests(void) #endif #ifndef OPENSSL_NO_EC ADD_ALL_TESTS(test_fromdata_ecx, 2); + ADD_TEST(test_fromdata_ec); #endif return 1; } diff --git a/test/recipes/30-test_evp_pkey_provided.t b/test/recipes/30-test_evp_pkey_provided.t index 74b366451d..d9efbeaa66 100644 --- a/test/recipes/30-test_evp_pkey_provided.t +++ b/test/recipes/30-test_evp_pkey_provided.t @@ -1,6 +1,5 @@ #! /usr/bin/env perl -# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. +# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/30-test_evp_pkey_provided/EC.priv.der b/test/recipes/30-test_evp_pkey_provided/EC.priv.der Binary files differnew file mode 100644 index 0000000000..2f74cfc1ae --- /dev/null +++ b/test/recipes/30-test_evp_pkey_provided/EC.priv.der diff --git a/test/recipes/30-test_evp_pkey_provided/EC.priv.pem b/test/recipes/30-test_evp_pkey_provided/EC.priv.pem new file mode 100644 index 0000000000..953b7a619c --- /dev/null +++ b/test/recipes/30-test_evp_pkey_provided/EC.priv.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgM9BDg6mJVgPS1/5r +AW/kWcwNmiRshhsu3EtNNUPhG62hRANCAAQbk2dVHFWfY9EipNjRCmBtAqV3V8ij +R3M6aggoOb3J0oDs6acIKXEvyVaC7pqFD21/WV+M0ZYL3yk+SQeIP5op +-----END PRIVATE KEY----- 
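Review bot: In `test_fromdata_ec`, added by the `@@ -479,13 +478,79 @@` hunk earlier on this page, the three `ossl_param_bld_push_*` calls bail out on `<= 0` without a TEST_ macro, so a builder failure fails the test with no diagnostic. Using `if (!TEST_int_gt(ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn), 0))`, and the same for the other two, would match the rest of the function. The expected size `2 + 35 * 2` is unexplained; a comment such as `/* max DER ECDSA signature for P-256: 2-byte SEQUENCE header + two INTEGERs of up to 35 bytes */` would help, assuming that is the intended derivation. The test also imports the public point and private scalar together and then checks only metadata and serializer output, so nothing here would notice an import path that accepts a mismatched pair. A follow-up assertion on key consistency looks worthwhile if key checking is available for provider-side EC keys at this stage.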
diff --git a/test/recipes/30-test_evp_pkey_provided/EC.priv.txt b/test/recipes/30-test_evp_pkey_provided/EC.priv.txt
new file mode 100644
index 0000000000..9360d892af
--- /dev/null
+++ b/test/recipes/30-test_evp_pkey_provided/EC.priv.txt
@@ -0,0 +1,13 @@
+Private-Key: (256 bit)
+priv:
+ 33:d0:43:83:a9:89:56:03:d2:d7:fe:6b:01:6f:e4:
+ 59:cc:0d:9a:24:6c:86:1b:2e:dc:4b:4d:35:43:e1:
+ 1b:ad
+pub:
+ 04:1b:93:67:55:1c:55:9f:63:d1:22:a4:d8:d1:0a:
+ 60:6d:02:a5:77:57:c8:a3:47:73:3a:6a:08:28:39:
+ bd:c9:d2:80:ec:e9:a7:08:29:71:2f:c9:56:82:ee:
+ 9a:85:0f:6d:7f:59:5f:8c:d1:96:0b:df:29:3e:49:
+ 07:88:3f:9a:29
+ASN1 OID: prime256v1
+NIST CURVE: P-256
diff --git a/test/recipes/30-test_evp_pkey_provided/EC.pub.der b/test/recipes/30-test_evp_pkey_provided/EC.pub.der
Binary files differ
new file mode 100644
index 0000000000..b08f9a745f
--- /dev/null
+++ b/test/recipes/30-test_evp_pkey_provided/EC.pub.der
diff --git a/test/recipes/30-test_evp_pkey_provided/EC.pub.pem b/test/recipes/30-test_evp_pkey_provided/EC.pub.pem
new file mode 100644
index 0000000000..16ec838271
--- /dev/null
+++ b/test/recipes/30-test_evp_pkey_provided/EC.pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEG5NnVRxVn2PRIqTY0QpgbQKld1fI
+o0dzOmoIKDm9ydKA7OmnCClxL8lWgu6ahQ9tf1lfjNGWC98pPkkHiD+aKQ==
+-----END PUBLIC KEY-----
diff --git a/test/recipes/30-test_evp_pkey_provided/EC.pub.txt b/test/recipes/30-test_evp_pkey_provided/EC.pub.txt
new file mode 100644
index 0000000000..612ba89bb6
--- /dev/null
+++ b/test/recipes/30-test_evp_pkey_provided/EC.pub.txt
@@ -0,0 +1,9 @@
+Public-Key: (256 bit)
+pub:
+ 04:1b:93:67:55:1c:55:9f:63:d1:22:a4:d8:d1:0a:
+ 60:6d:02:a5:77:57:c8:a3:47:73:3a:6a:08:28:39:
+ bd:c9:d2:80:ec:e9:a7:08:29:71:2f:c9:56:82:ee:
+ 9a:85:0f:6d:7f:59:5f:8c:d1:96:0b:df:29:3e:49:
+ 07:88:3f:9a:29
+ASN1 OID: prime256v1
+NIST CURVE: P-256 |