Add more generic EdDSA tests #379

Merged
merged 6 commits into from
Apr 15, 2024
Merged
23 changes: 22 additions & 1 deletion src/keymgmt.c
Expand Up @@ -1768,14 +1768,35 @@ static int p11prov_ed_get_params(void *keydata, OSSL_PARAM params[])
return ret;
}
}
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
if (p) {
CK_ATTRIBUTE *pub;

if (p->data_type != OSSL_PARAM_OCTET_STRING) {
return RET_OSSL_ERR;
}
ret = p11prov_obj_get_ed_pub_key(key, &pub);
if (ret != RET_OSSL_OK) {
return ret;
}

p->return_size = pub->ulValueLen;
if (p->data) {
if (p->data_size < pub->ulValueLen) {
return RET_OSSL_ERR;
}
memcpy(p->data, pub->pValue, pub->ulValueLen);
p->data_size = pub->ulValueLen;
}
}

return RET_OSSL_OK;
}

static const OSSL_PARAM *p11prov_ed_gettable_params(void *provctx)
{
static const OSSL_PARAM params[] = {
/* TODO: OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), */
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0),
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
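Review bot: The new OSSL_PKEY_PARAM_PUB_KEY branch hand-rolls what OSSL_PARAM_set_octet_string() already provides (return_size, data_type check, data_size bound, memcpy), so the span from the `p->data_type` test to the memcpy could collapse to `if (OSSL_PARAM_set_octet_string(p, pub->pValue, pub->ulValueLen) != 1) { return RET_OSSL_ERR; }`; the helper does not rewrite `p->data_size` the way L59's `p->data_size = pub->ulValueLen;` does, so confirm no caller depends on that before switching. If the explicit form is kept to match the neighbouring branches, a one-line comment such as `/* return_size is set before the bound check so a caller probing with data == NULL learns the needed length */` would make the ordering intentional rather than accidental. p11prov_ed_get_params starts outside the hunk.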
32 changes: 32 additions & 0 deletions src/objects.c
Expand Up @@ -1993,6 +1993,38 @@ int p11prov_obj_export_public_key(P11PROV_OBJ *obj, CK_KEY_TYPE key_type,
}
}

int p11prov_obj_get_ed_pub_key(P11PROV_OBJ *obj, CK_ATTRIBUTE **pub)
{
CK_ATTRIBUTE *a;

P11PROV_debug("get ed pubkey %p", *obj);

if (!obj) {
return RET_OSSL_ERR;
}

if (obj->class != CKO_PRIVATE_KEY && obj->class != CKO_PUBLIC_KEY) {
P11PROV_raise(obj->ctx, CKR_GENERAL_ERROR, "Invalid Object Class");
return RET_OSSL_ERR;
}

if (obj->data.key.type != CKK_EC_EDWARDS) {
P11PROV_raise(obj->ctx, CKR_GENERAL_ERROR, "Unsupported key type");
return RET_OSSL_ERR;
}

/* See if we have cached attributes first */
a = p11prov_obj_get_attr(obj, CKA_P11PROV_PUB_KEY);
if (!a) {
return RET_OSSL_ERR;
}

if (pub) {
*pub = a;
}
return RET_OSSL_OK;
}

int p11prov_obj_get_ec_public_x_y(P11PROV_OBJ *obj, CK_ATTRIBUTE **pub_x,
CK_ATTRIBUTE **pub_y)
{
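Review bot: `P11PROV_debug("get ed pubkey %p", *obj);` dereferences obj before the `if (!obj)` guard two lines below, and hands the struct itself rather than a pointer to a `%p` conversion. Move the debug call after the NULL check and log the pointer: `P11PROV_debug("get ed pubkey %p", (void *)obj);`. The new declaration in src/objects.h would also benefit from a short contract comment; if, as the cache lookup via p11prov_obj_get_attr suggests, the returned CKA_P11PROV_PUB_KEY attribute stays owned by obj, say so (`/* *pub points into obj's cached attributes; caller must not free it */`) so callers do not free it.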
1 change: 1 addition & 0 deletions src/objects.h
Expand Up @@ -54,6 +54,7 @@ int p11prov_obj_export_public_key(P11PROV_OBJ *obj, CK_KEY_TYPE key_type,
void *cb_arg);
int p11prov_obj_get_ec_public_x_y(P11PROV_OBJ *obj, CK_ATTRIBUTE **pub_x,
CK_ATTRIBUTE **pub_y);
int p11prov_obj_get_ed_pub_key(P11PROV_OBJ *obj, CK_ATTRIBUTE **pub);

#define OBJ_CMP_KEY_TYPE 0x00
#define OBJ_CMP_KEY_PUBLIC 0x01
1 change: 0 additions & 1 deletion tests/Makefile.am
Expand Up @@ -87,7 +87,6 @@ test_LIST = \
oaepsha2-softokn.t \
hkdf-softokn.t \
rsapss-softokn.t \
genkey-softokn.t genkey-softhsm.t \
session-softokn.t session-softhsm.t \
rand-softokn.t rand-softhsm.t \
readkeys-softokn.t readkeys-softhsm.t \
17 changes: 15 additions & 2 deletions tests/tbasic
Expand Up @@ -153,9 +153,10 @@ fi
OPENSSL_CONF=${ORIG_OPENSSL_CONF}

title PARA "Test EVP_PKEY_eq on public RSA key both on token"
# shellcheck disable=SC2153 # PUBURIs is assigned
$CHECKER ./tcmpkeys "$PUBURI" "$PUBURI"
title PARA "Test EVP_PKEY_eq on public EC key both on token"
# shellcheck disable=SC2153 # ECURIs and ECXURIs are not spelling errors
# shellcheck disable=SC2153 # ECURIs and ECXURIs are assigned
$CHECKER ./tcmpkeys "$ECPUBURI" "$ECPUBURI"
if [[ -n $ECXPUBURI ]]; then
title PARA "Test EVP_PKEY_eq on public explicit EC key both on token"
Expand Down Expand Up @@ -186,7 +187,7 @@ if [[ -n $ECXPUBURI ]]; then
title PARA "Test EVP_PKEY_eq on public explicit EC key via import"
$CHECKER ./tcmpkeys "$ECXPUBURI" "${TMPPDIR}"/ecx.pub.uripin.pem
title PARA "Match private explicit EC key against public key"
# shellcheck disable=SC2153 # ECURIs and ECXURIs are not spelling errors
# shellcheck disable=SC2153 # ECURIs and ECXURIs are assigned
$CHECKER ./tcmpkeys "$ECXPRIURI" "${TMPPDIR}"/ecx.pub.uripin.pem
title PARA "Match private explicit EC key against public key (commutativity)"
$CHECKER ./tcmpkeys "${TMPPDIR}"/ecx.pub.uripin.pem "$ECXPRIURI"
Expand Down Expand Up @@ -267,4 +268,16 @@ if [[ -n $ECBASE3URI ]]; then
fi
OPENSSL_CONF=${ORIG_OPENSSL_CONF}

title PARA "Test Key generation"
output=$($CHECKER "${TESTBLDDIR}"/tgenkey "RSA,RSA-PSS,EC,RSAKeyUsage" 2>&1)
FAIL=0
echo "$output" | grep "Performed tests: 4" || FAIL=1
if [ $FAIL -ne 0 ]; then
echo
echo "Original command output:"
echo "$output"
echo
exit 1
fi

exit 0
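Review bot: The capture `output=$($CHECKER "${TESTBLDDIR}"/tgenkey "RSA,RSA-PSS,EC,RSAKeyUsage" 2>&1)` has no `|| true`, unlike the equivalent line added to tests/tedwards; if this script runs under `set -e` (not visible in the hunk), a non-zero exit from tgenkey aborts the script before the diagnostic block below can print the captured output. Either append `|| true` to match tedwards, or add a comment stating that a hard failure here is intended. The `if [ $FAIL -ne 0 ]` test could also use the `[[ ... ]]` form the rest of the file uses (see `if [[ -n $ECXPUBURI ]]`).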
10 changes: 10 additions & 0 deletions tests/tcmpkeys.c
Expand Up @@ -44,6 +44,16 @@ static EVP_PKEY *load_key(const char *uri)
exit(EXIT_FAILURE);
}

if (strncmp(uri, "pkcs11:", 7) && strstr(uri, "type=private") == NULL) {
/* This is a workaround for OpenSSL < 3.2.0 where the code fails
* to correctly source public keys unless explicitly requested
* via an expect hint */
if (OSSL_STORE_expect(store, OSSL_STORE_INFO_PUBKEY) != 1) {
fprintf(stderr, "Failed to expect Public Key File\n");
exit(EXIT_FAILURE);
}
}

for (info = OSSL_STORE_load(store); info != NULL;
info = OSSL_STORE_load(store)) {
int type = OSSL_STORE_INFO_get_type(info);
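Review bot: The guard `if (strncmp(uri, "pkcs11:", 7) && strstr(uri, "type=private") == NULL)` is true only when uri is not a pkcs11 URI, so the `type=private` clause can only matter for a file path, where that token is unlikely to occur; either the intent was to test pkcs11 URIs (`strncmp(uri, "pkcs11:", 7) == 0`) or the second clause is redundant, and either way the first clause reads better spelled out as `strncmp(uri, "pkcs11:", 7) != 0`. The comment could also say that the expect hint is applied unconditionally rather than gated on OPENSSL_VERSION_NUMBER, and why that is presumed harmless on newer releases. load_key starts and continues outside the hunk.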
19 changes: 19 additions & 0 deletions tests/tedwards
Expand Up @@ -39,4 +39,23 @@ req -new -batch -key "${EDPRIURI}" -out ${TMPPDIR}/ed25519_csr.pem'
ossl '
req -in ${TMPPDIR}/ed25519_csr.pem -verify -noout'

title PARA "Test EVP_PKEY_eq on public ED key via import"
$CHECKER ./tcmpkeys "$EDPUBURI" "${TMPPDIR}"/edout.pub
title PARA "Match private ED key against public key"
$CHECKER ./tcmpkeys "$EDPRIURI" "${TMPPDIR}"/edout.pub
title PARA "Match private ED key against public key (commutativity)"
$CHECKER ./tcmpkeys "${TMPPDIR}"/edout.pub "$EDPRIURI"

title PARA "Test Key generation"
output=$("${TESTBLDDIR}"/tgenkey "ED25519" 2>&1 || true)
FAIL=0
echo "$output" | grep "Performed tests: 1" || FAIL=1
if [ $FAIL -ne 0 ]; then
echo
echo "Original command output:"
echo "$output"
echo
exit 1
fi

exit 0
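Review bot: `output=$("${TESTBLDDIR}"/tgenkey "ED25519" 2>&1 || true)` runs tgenkey without the `$CHECKER` prefix that every other invocation in this hunk uses (`$CHECKER ./tcmpkeys ...`) and that the matching line in tests/tbasic uses, so whatever wrapper CHECKER is (not visible here) is skipped for key generation; `output=$($CHECKER "${TESTBLDDIR}"/tgenkey "ED25519" 2>&1 || true)` would align them. With `|| true` the exit status of tgenkey is discarded and only the `grep "Performed tests: 1"` decides the outcome; a short comment saying so would stop a reader assuming the exit code is checked.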