evp_fetch_prov_test.c 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392
  1. /*
  2. * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * SHA256 low level APIs are deprecated for public use, but still ok for
  11. * internal use. Note, that due to symbols not being exported, only the
  12. * #defines can be accessed. In this case SHA256_CBLOCK.
  13. */
  14. #include "internal/deprecated.h"
  15. #include <string.h>
  16. #include <openssl/sha.h>
  17. #include <openssl/evp.h>
  18. #include <openssl/provider.h>
  19. #include "internal/sizes.h"
  20. #include "testutil.h"
  21. static char *config_file = NULL;
  22. static char *alg = "digest";
  23. static int use_default_ctx = 0;
  24. static char *fetch_property = NULL;
  25. static int expected_fetch_result = 1;
  26. typedef enum OPTION_choice {
  27. OPT_ERR = -1,
  28. OPT_EOF = 0,
  29. OPT_ALG_FETCH_TYPE,
  30. OPT_FETCH_PROPERTY,
  31. OPT_FETCH_FAILURE,
  32. OPT_USE_DEFAULTCTX,
  33. OPT_CONFIG_FILE,
  34. OPT_TEST_ENUM
  35. } OPTION_CHOICE;
  36. const OPTIONS *test_get_options(void)
  37. {
  38. static const OPTIONS test_options[] = {
  39. OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[provname...]\n"),
  40. { "config", OPT_CONFIG_FILE, '<', "The configuration file to use for the libctx" },
  41. { "type", OPT_ALG_FETCH_TYPE, 's', "The fetch type to test" },
  42. { "property", OPT_FETCH_PROPERTY, 's', "The fetch property e.g. provider=fips" },
  43. { "fetchfail", OPT_FETCH_FAILURE, '-', "fetch is expected to fail" },
  44. { "defaultctx", OPT_USE_DEFAULTCTX, '-',
  45. "Use the default context if this is set" },
  46. { OPT_HELP_STR, 1, '-', "file\tProvider names to explicitly load\n" },
  47. { NULL }
  48. };
  49. return test_options;
  50. }
  51. static int calculate_digest(const EVP_MD *md, const char *msg, size_t len,
  52. const unsigned char *exptd)
  53. {
  54. unsigned char out[SHA256_DIGEST_LENGTH];
  55. EVP_MD_CTX *ctx;
  56. int ret = 0;
  57. if (!TEST_ptr(ctx = EVP_MD_CTX_new())
  58. || !TEST_true(EVP_DigestInit_ex(ctx, md, NULL))
  59. || !TEST_true(EVP_DigestUpdate(ctx, msg, len))
  60. || !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL))
  61. || !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd,
  62. SHA256_DIGEST_LENGTH)
  63. || !TEST_true(md == EVP_MD_CTX_get0_md(ctx)))
  64. goto err;
  65. ret = 1;
  66. err:
  67. EVP_MD_CTX_free(ctx);
  68. return ret;
  69. }
  70. static int load_providers(OSSL_LIB_CTX **libctx, OSSL_PROVIDER *prov[])
  71. {
  72. OSSL_LIB_CTX *ctx = NULL;
  73. int ret = 0;
  74. size_t i;
  75. ctx = OSSL_LIB_CTX_new();
  76. if (!TEST_ptr(ctx))
  77. goto err;
  78. if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, config_file)))
  79. goto err;
  80. if (test_get_argument_count() > 2)
  81. goto err;
  82. for (i = 0; i < test_get_argument_count(); ++i) {
  83. char *provname = test_get_argument(i);
  84. prov[i] = OSSL_PROVIDER_load(ctx, provname);
  85. if (!TEST_ptr(prov[i]))
  86. goto err;
  87. }
  88. ret = 1;
  89. *libctx = ctx;
  90. err:
  91. if (ret == 0)
  92. OSSL_LIB_CTX_free(ctx);
  93. return ret;
  94. }
  95. static void unload_providers(OSSL_LIB_CTX **libctx, OSSL_PROVIDER *prov[])
  96. {
  97. if (prov[0] != NULL)
  98. OSSL_PROVIDER_unload(prov[0]);
  99. if (prov[1] != NULL)
  100. OSSL_PROVIDER_unload(prov[1]);
  101. /* Not normally needed, but we would like to test that
  102. * OPENSSL_thread_stop_ex() behaves as expected.
  103. */
  104. if (libctx != NULL && *libctx != NULL) {
  105. OPENSSL_thread_stop_ex(*libctx);
  106. OSSL_LIB_CTX_free(*libctx);
  107. }
  108. }
  109. static X509_ALGOR *make_algor(int nid)
  110. {
  111. X509_ALGOR *algor;
  112. if (!TEST_ptr(algor = X509_ALGOR_new())
  113. || !TEST_true(X509_ALGOR_set0(algor, OBJ_nid2obj(nid),
  114. V_ASN1_UNDEF, NULL))) {
  115. X509_ALGOR_free(algor);
  116. return NULL;
  117. }
  118. return algor;
  119. }
  120. /*
  121. * Test EVP_MD_fetch()
  122. */
  123. static int test_md(const EVP_MD *md)
  124. {
  125. const char testmsg[] = "Hello world";
  126. const unsigned char exptd[] = {
  127. 0x27, 0x51, 0x8b, 0xa9, 0x68, 0x30, 0x11, 0xf6, 0xb3, 0x96, 0x07, 0x2c,
  128. 0x05, 0xf6, 0x65, 0x6d, 0x04, 0xf5, 0xfb, 0xc3, 0x78, 0x7c, 0xf9, 0x24,
  129. 0x90, 0xec, 0x60, 0x6e, 0x50, 0x92, 0xe3, 0x26
  130. };
  131. return TEST_ptr(md)
  132. && TEST_true(EVP_MD_is_a(md, "SHA256"))
  133. && TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd))
  134. && TEST_int_eq(EVP_MD_get_size(md), SHA256_DIGEST_LENGTH)
  135. && TEST_int_eq(EVP_MD_get_block_size(md), SHA256_CBLOCK);
  136. }
  137. static int test_implicit_EVP_MD_fetch(void)
  138. {
  139. OSSL_LIB_CTX *ctx = NULL;
  140. OSSL_PROVIDER *prov[2] = {NULL, NULL};
  141. int ret = 0;
  142. ret = (use_default_ctx == 0 || load_providers(&ctx, prov))
  143. && test_md(EVP_sha256());
  144. unload_providers(&ctx, prov);
  145. return ret;
  146. }
  147. static int test_explicit_EVP_MD_fetch(const char *id)
  148. {
  149. OSSL_LIB_CTX *ctx = NULL;
  150. EVP_MD *md = NULL;
  151. OSSL_PROVIDER *prov[2] = {NULL, NULL};
  152. int ret = 0;
  153. if (use_default_ctx == 0 && !load_providers(&ctx, prov))
  154. goto err;
  155. md = EVP_MD_fetch(ctx, id, fetch_property);
  156. if (expected_fetch_result != 0) {
  157. if (!test_md(md))
  158. goto err;
  159. /* Also test EVP_MD_up_ref() while we're doing this */
  160. if (!TEST_true(EVP_MD_up_ref(md)))
  161. goto err;
  162. /* Ref count should now be 2. Release first one here */
  163. EVP_MD_free(md);
  164. } else {
  165. if (!TEST_ptr_null(md))
  166. goto err;
  167. }
  168. ret = 1;
  169. err:
  170. EVP_MD_free(md);
  171. unload_providers(&ctx, prov);
  172. return ret;
  173. }
  174. static int test_explicit_EVP_MD_fetch_by_name(void)
  175. {
  176. return test_explicit_EVP_MD_fetch("SHA256");
  177. }
  178. /*
  179. * idx 0: Allow names from OBJ_obj2txt()
  180. * idx 1: Force an OID in text form from OBJ_obj2txt()
  181. */
  182. static int test_explicit_EVP_MD_fetch_by_X509_ALGOR(int idx)
  183. {
  184. int ret = 0;
  185. X509_ALGOR *algor = make_algor(NID_sha256);
  186. const ASN1_OBJECT *obj;
  187. char id[OSSL_MAX_NAME_SIZE] = { 0 };
  188. if (algor == NULL)
  189. return 0;
  190. X509_ALGOR_get0(&obj, NULL, NULL, algor);
  191. switch (idx) {
  192. case 0:
  193. if (!TEST_int_gt(OBJ_obj2txt(id, sizeof(id), obj, 0), 0))
  194. goto end;
  195. break;
  196. case 1:
  197. if (!TEST_int_gt(OBJ_obj2txt(id, sizeof(id), obj, 1), 0))
  198. goto end;
  199. break;
  200. }
  201. ret = test_explicit_EVP_MD_fetch(id);
  202. end:
  203. X509_ALGOR_free(algor);
  204. return ret;
  205. }
  206. /*
  207. * Test EVP_CIPHER_fetch()
  208. */
  209. static int encrypt_decrypt(const EVP_CIPHER *cipher, const unsigned char *msg,
  210. size_t len)
  211. {
  212. int ret = 0, ctlen, ptlen;
  213. EVP_CIPHER_CTX *ctx = NULL;
  214. unsigned char key[128 / 8];
  215. unsigned char ct[64], pt[64];
  216. memset(key, 0, sizeof(key));
  217. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  218. || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 1))
  219. || !TEST_true(EVP_CipherUpdate(ctx, ct, &ctlen, msg, len))
  220. || !TEST_true(EVP_CipherFinal_ex(ctx, ct, &ctlen))
  221. || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 0))
  222. || !TEST_true(EVP_CipherUpdate(ctx, pt, &ptlen, ct, ctlen))
  223. || !TEST_true(EVP_CipherFinal_ex(ctx, pt, &ptlen))
  224. || !TEST_mem_eq(pt, ptlen, msg, len))
  225. goto err;
  226. ret = 1;
  227. err:
  228. EVP_CIPHER_CTX_free(ctx);
  229. return ret;
  230. }
  231. static int test_cipher(const EVP_CIPHER *cipher)
  232. {
  233. const unsigned char testmsg[] = "Hello world";
  234. return TEST_ptr(cipher)
  235. && TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg)));
  236. }
  237. static int test_implicit_EVP_CIPHER_fetch(void)
  238. {
  239. OSSL_LIB_CTX *ctx = NULL;
  240. OSSL_PROVIDER *prov[2] = {NULL, NULL};
  241. int ret = 0;
  242. ret = (use_default_ctx == 0 || load_providers(&ctx, prov))
  243. && test_cipher(EVP_aes_128_cbc());
  244. unload_providers(&ctx, prov);
  245. return ret;
  246. }
  247. static int test_explicit_EVP_CIPHER_fetch(const char *id)
  248. {
  249. OSSL_LIB_CTX *ctx = NULL;
  250. EVP_CIPHER *cipher = NULL;
  251. OSSL_PROVIDER *prov[2] = {NULL, NULL};
  252. int ret = 0;
  253. if (use_default_ctx == 0 && !load_providers(&ctx, prov))
  254. goto err;
  255. cipher = EVP_CIPHER_fetch(ctx, id, fetch_property);
  256. if (expected_fetch_result != 0) {
  257. if (!test_cipher(cipher))
  258. goto err;
  259. if (!TEST_true(EVP_CIPHER_up_ref(cipher)))
  260. goto err;
  261. /* Ref count should now be 2. Release first one here */
  262. EVP_CIPHER_free(cipher);
  263. } else {
  264. if (!TEST_ptr_null(cipher))
  265. goto err;
  266. }
  267. ret = 1;
  268. err:
  269. EVP_CIPHER_free(cipher);
  270. unload_providers(&ctx, prov);
  271. return ret;
  272. }
  273. static int test_explicit_EVP_CIPHER_fetch_by_name(void)
  274. {
  275. return test_explicit_EVP_CIPHER_fetch("AES-128-CBC");
  276. }
  277. /*
  278. * idx 0: Allow names from OBJ_obj2txt()
  279. * idx 1: Force an OID in text form from OBJ_obj2txt()
  280. */
  281. static int test_explicit_EVP_CIPHER_fetch_by_X509_ALGOR(int idx)
  282. {
  283. int ret = 0;
  284. X509_ALGOR *algor = make_algor(NID_aes_128_cbc);
  285. const ASN1_OBJECT *obj;
  286. char id[OSSL_MAX_NAME_SIZE] = { 0 };
  287. if (algor == NULL)
  288. return 0;
  289. X509_ALGOR_get0(&obj, NULL, NULL, algor);
  290. switch (idx) {
  291. case 0:
  292. if (!TEST_int_gt(OBJ_obj2txt(id, sizeof(id), obj, 0), 0))
  293. goto end;
  294. break;
  295. case 1:
  296. if (!TEST_int_gt(OBJ_obj2txt(id, sizeof(id), obj, 1), 0))
  297. goto end;
  298. break;
  299. }
  300. ret = test_explicit_EVP_CIPHER_fetch(id);
  301. end:
  302. X509_ALGOR_free(algor);
  303. return ret;
  304. }
  305. int setup_tests(void)
  306. {
  307. OPTION_CHOICE o;
  308. while ((o = opt_next()) != OPT_EOF) {
  309. switch (o) {
  310. case OPT_CONFIG_FILE:
  311. config_file = opt_arg();
  312. break;
  313. case OPT_ALG_FETCH_TYPE:
  314. alg = opt_arg();
  315. break;
  316. case OPT_FETCH_PROPERTY:
  317. fetch_property = opt_arg();
  318. break;
  319. case OPT_FETCH_FAILURE:
  320. expected_fetch_result = 0;
  321. break;
  322. case OPT_USE_DEFAULTCTX:
  323. use_default_ctx = 1;
  324. break;
  325. case OPT_TEST_CASES:
  326. break;
  327. default:
  328. case OPT_ERR:
  329. return 0;
  330. }
  331. }
  332. if (strcmp(alg, "digest") == 0) {
  333. ADD_TEST(test_implicit_EVP_MD_fetch);
  334. ADD_TEST(test_explicit_EVP_MD_fetch_by_name);
  335. ADD_ALL_TESTS_NOSUBTEST(test_explicit_EVP_MD_fetch_by_X509_ALGOR, 2);
  336. } else {
  337. ADD_TEST(test_implicit_EVP_CIPHER_fetch);
  338. ADD_TEST(test_explicit_EVP_CIPHER_fetch_by_name);
  339. ADD_ALL_TESTS_NOSUBTEST(test_explicit_EVP_CIPHER_fetch_by_X509_ALGOR, 2);
  340. }
  341. return 1;
  342. }