

Add Key Usage generation test
Signed-off-by: Simo Sorce <simo@redhat.com>
simo5 committed Sep 8, 2023
1 parent 9da7deb commit 4a755ad
Showing 1 changed file with 135 additions and 6 deletions.
141 changes: 135 additions & 6 deletions tests/tgenkey.c
Expand Up @@ -2,6 +2,7 @@
SPDX-License-Identifier: Apache-2.0 */

#define _GNU_SOURCE
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/core_names.h>
Expand Down Expand Up @@ -116,7 +117,7 @@ static void check_keys(OSSL_STORE_CTX *store, const char *key_type)
}

static void gen_keys(const char *key_type, const char *label, const char *idhex,
const OSSL_PARAM *params)
const OSSL_PARAM *params, bool fail)
{
EVP_PKEY_CTX *ctx;
EVP_PKEY *key = NULL;
Expand All @@ -139,11 +140,23 @@ static void gen_keys(const char *key_type, const char *label, const char *idhex,
exit(EXIT_FAILURE);
}

EVP_PKEY_CTX_set_params(ctx, params);
ret = EVP_PKEY_CTX_set_params(ctx, params);
if (ret != 1) {
fprintf(stderr, "Failed to set params\n");
exit(EXIT_FAILURE);
}

ret = EVP_PKEY_generate(ctx, &key);
if (ret != 1) {
fprintf(stderr, "Failed to generate key\n");
if (!fail) {
fprintf(stderr, "Failed to generate key\n");
exit(EXIT_FAILURE);
}
return;
}

if (fail) {
fprintf(stderr, "Key generation unexpectedly succeeded\n");
exit(EXIT_FAILURE);
}

Expand Down Expand Up @@ -198,13 +211,93 @@ static void gen_keys(const char *key_type, const char *label, const char *idhex,
OSSL_STORE_close(store);
}

static void sign_test(const char *label, bool fail)
{
OSSL_STORE_CTX *store;
OSSL_STORE_SEARCH *search;
OSSL_STORE_INFO *info;
EVP_PKEY *privkey = NULL;
EVP_MD_CTX *ctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
const unsigned char data[] = "Plaintext Data";
unsigned char sigret[4096];
size_t siglen = 4096;
int ret;

store = OSSL_STORE_open("pkcs11:", NULL, NULL, NULL, NULL);
if (store == NULL) {
fprintf(stderr, "Failed to open pkcs11 store\n");
exit(EXIT_FAILURE);
}

search = OSSL_STORE_SEARCH_by_alias(label);
if (search == NULL) {
fprintf(stderr, "Failed to create store search filter\n");
exit(EXIT_FAILURE);
}
ret = OSSL_STORE_find(store, search);
if (ret != 1) {
fprintf(stderr, "Failed to set store search filter\n");
exit(EXIT_FAILURE);
}
OSSL_STORE_SEARCH_free(search);

for (info = OSSL_STORE_load(store); info != NULL;
info = OSSL_STORE_load(store)) {
int type = OSSL_STORE_INFO_get_type(info);

if (type == OSSL_STORE_INFO_PKEY) {
privkey = OSSL_STORE_INFO_get1_PKEY(info);
break;
}
OSSL_STORE_INFO_free(info);
}

OSSL_STORE_close(store);

if (privkey == NULL) {
fprintf(stderr, "Failed to load private key\n");
exit(EXIT_FAILURE);
}

ctx = EVP_MD_CTX_new();
if (!ctx) {
fprintf(stderr, "Failed to init MD_CTX\n");
exit(EXIT_FAILURE);
}

ret = EVP_DigestSignInit(ctx, &pctx, EVP_sha256(), NULL, privkey);
if (ret == 0) {
fprintf(stderr, "Failed to init Sig Ctx\n");
exit(EXIT_FAILURE);
}

ret = EVP_DigestSign(ctx, sigret, &siglen, data, sizeof(data));
if (ret == 0) {
if (!fail) {
fprintf(stderr, "Failed to generate signature\n");
exit(EXIT_FAILURE);
}
} else {
if (fail) {
fprintf(stderr, "Expected failure, but signature worked\n");
exit(EXIT_FAILURE);
}
}

EVP_PKEY_free(privkey);
EVP_MD_CTX_free(ctx);
}

int main(int argc, char *argv[])
{
char *label;
unsigned char id[16];
char idhex[16 * 3 + 1];
char *uri;
size_t rsa_bits = 3072;
const char *key_usage = "dataEncipherment keyEncipherment";
const char *bad_usage = "dataEncipherment gibberish ";
OSSL_PARAM params[4];
int miniid;
int ret;
Expand All @@ -231,7 +324,7 @@ int main(int argc, char *argv[])
params[1] = OSSL_PARAM_construct_size_t("rsa_keygen_bits", &rsa_bits);
params[2] = OSSL_PARAM_construct_end();

gen_keys("RSA", label, idhex, params);
gen_keys("RSA", label, idhex, params, false);
free(label);
free(uri);

Expand Down Expand Up @@ -259,7 +352,7 @@ int main(int argc, char *argv[])
(char *)"SHA256", 0);
params[3] = OSSL_PARAM_construct_end();

gen_keys("RSA-PSS", label, idhex, params);
gen_keys("RSA-PSS", label, idhex, params, false);
free(label);
free(uri);

Expand All @@ -286,7 +379,43 @@ int main(int argc, char *argv[])
(char *)"P-256", 0);
params[2] = OSSL_PARAM_construct_end();

gen_keys("EC", label, idhex, params);
gen_keys("EC", label, idhex, params, false);
free(label);
free(uri);

/* RSA with Key Usage restrictions */
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-RSA-Key-Usage-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] = OSSL_PARAM_construct_utf8_string("pkcs11_key_usage",
(char *)key_usage, 0);
params[2] = OSSL_PARAM_construct_size_t("rsa_keygen_bits", &rsa_bits);
params[3] = OSSL_PARAM_construct_end();

gen_keys("RSA", label, idhex, params, false);

sign_test(label, true);

params[1] = OSSL_PARAM_construct_utf8_string("pkcs11_key_usage",
(char *)bad_usage, 0);

gen_keys("RSA", label, idhex, params, true);

free(label);
free(uri);
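Review bot: The negative check in sign_test() has no positive control: main() only ever calls `sign_test(label, true);` on the key restricted to dataEncipherment/keyEncipherment, so a build in which EVP_DigestSign() fails for every PKCS#11 key would still pass this test. Exercise the signing path on an unrestricted key too, e.g. add `sign_test(label, false);` directly after the plain-RSA `gen_keys("RSA", label, idhex, params, false);` call, so a refusal can only be attributed to the usage restriction. Note also that sign_test() treats an EVP_DigestSignInit() failure as fatal even when fail is true; if the provider rejects a non-signing key already at init time rather than in EVP_DigestSign(), the expected refusal would surface as a hard error, so it is worth confirming which stage the provider fails at. Separately, the new early `return;` in gen_keys() for the fail case skips freeing ctx (allocated above the hunk, presumably); harmless in a test binary but trivially fixed with `EVP_PKEY_CTX_free(ctx); return;`. gen_keys() and main() both continue outside the hunks shown.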


