aboutsummaryrefslogblamecommitdiffstats
path: root/lib/crypto/c_src/otp_test_engine.c
blob: fd26b7cb5db5557c17d48eefc03d8681e5402dfe (plain) (tree)
1
2
3
4


                   
                                                        


















                                                                           
 

                   
                   
                   
 
                        
                        








                                                                          





                                                                   

      














                                                                                 


                                                        













                                                                           




                                                                                                         
 
                                                                    
 

                                                   
    
                          





                                                               

                                      
                                                                                           

                              
 
               
 

                          

                                                   
      










                                                              












                                                                   


























                                                                                 
                                                                         

                                  
 




                                         




























                                                                                        









                                                            

























                                                                                      


          
                 
     
    




                   

 

                                                  
                          
                                                                             
                                                   
                 


                                      












                                                                 

                          

                                            
                                      

             







                                       




                                       







                                                                       








                                                                                                         




                             

                                                                            

     




                                                                        


                
                                                                                         
                           
                                                                        


                                                           
                  


                                     

                                                                       


                 
                                                      
                  
                    







                                                                       



                 





                                                











                                                                  
 

      




                                                                                     
                                                                                         









                                                                                           


                                                                                                      
                 










                                          

                 

                                  



                                                                                            


                                   


              













                                                                                             




                                       
                                  
                                             











                                             
/*
 * %CopyrightBegin%
 *
 * Copyright Ericsson AB 2017-2018. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * %CopyrightEnd%
 */

#ifdef _WIN32
#define OPENSSL_OPT_WINDLL
#endif

#include <stdio.h>
#include <string.h>
#include <limits.h>
#include <stdint.h>

#include <openssl/md5.h>
#include <openssl/rsa.h>

#define PACKED_OPENSSL_VERSION(MAJ, MIN, FIX, P)	\
    ((((((((MAJ << 8) | MIN) << 8 ) | FIX) << 8) | (P-'a'+1)) << 4) | 0xf)

#define PACKED_OPENSSL_VERSION_PLAIN(MAJ, MIN, FIX) \
    PACKED_OPENSSL_VERSION(MAJ,MIN,FIX,('a'-1))

#if OPENSSL_VERSION_NUMBER < PACKED_OPENSSL_VERSION_PLAIN(1,1,0) \
    || defined(LIBRESSL_VERSION_NUMBER)
# define OLD
#endif

#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,1,0) \
    && !defined(LIBRESSL_VERSION_NUMBER)
# define FAKE_RSA_IMPL
#endif

#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,8,'o') \
	&& !defined(OPENSSL_NO_EC) \
	&& !defined(OPENSSL_NO_ECDH) \
	&& !defined(OPENSSL_NO_ECDSA)
# define HAVE_EC
#endif

#if defined(HAVE_EC)
/* If OPENSSL_NO_EC is set, there will be an error in ec.h included from engine.h
   So if EC is disabled, you can't use Engine either....
*/
#include <openssl/engine.h>
#include <openssl/pem.h>


static const char *test_engine_id = "MD5";
static const char *test_engine_name = "MD5 test engine";

#if defined(FAKE_RSA_IMPL)
/*-------- test of private/public keys and RSA in engine ---------*/
static RSA_METHOD *test_rsa_method = NULL;

/* Our on "RSA" implementation */
static int test_rsa_sign(int dtype, const unsigned char *m,
                         unsigned int m_len, unsigned char *sigret,
                         unsigned int *siglen, const RSA *rsa);
static int test_rsa_verify(int dtype, const unsigned char *m,
                           unsigned int m_len, const unsigned char *sigret,
                           unsigned int siglen, const RSA *rsa);
static int test_rsa_free(RSA *rsa);
#endif /* if defined(FAKE_RSA_IMPL) */

/* The callbacks that does the job of fetching keys on demand by the Engine */
EVP_PKEY* test_privkey_load(ENGINE *eng, const char *id, UI_METHOD *ui_method, void *callback_data);
EVP_PKEY* test_pubkey_load(ENGINE *eng, const char *id, UI_METHOD *ui_method, void *callback_data);

EVP_PKEY* test_key_load(ENGINE *er, const char *id, UI_METHOD *ui_method, void *callback_data, int priv);

/*----------------------------------------------------------------*/

static int test_init(ENGINE *e) {
    printf("OTP Test Engine Initializatzion!\r\n");
    
#if defined(FAKE_RSA_IMPL)
    if (!RSA_meth_set_finish(test_rsa_method, test_rsa_free))
        goto err;
    if (!RSA_meth_set_sign(test_rsa_method, test_rsa_sign))
        goto err;
    if (!RSA_meth_set_verify(test_rsa_method, test_rsa_verify))
        goto err;
#endif /* if defined(FAKE_RSA_IMPL) */

    /* Load all digest and cipher algorithms. Needed for password protected private keys */
    OpenSSL_add_all_ciphers();
    OpenSSL_add_all_digests();

    return 111;

#if defined(FAKE_RSA_IMPL)
err:
    fprintf(stderr, "Setup RSA_METHOD failed\r\n");
    return 0;
#endif
}

static void add_test_data(unsigned char *md, unsigned int len)
{
    unsigned int i;

    for (i=0; i<len; i++) {
        md[i] = (unsigned char)(i & 0xff);
    }
}

#if defined(FAKE_RSA_IMPL)
static int chk_test_data(const unsigned char *md, unsigned int len)
{
    unsigned int i;

    for (i=0; i<len; i++) {
        if (md[i] != (unsigned char)(i & 0xff))
            return 0;
    }
    return 1;
}
#endif /* if defined(FAKE_RSA_IMPL) */

/* MD5 part */
#undef data
#ifdef OLD
#define data(ctx) ((MD5_CTX *)ctx->md_data)
#endif

static int test_engine_md5_init(EVP_MD_CTX *ctx) {
    fprintf(stderr, "MD5 initialized\r\n");
#ifdef OLD
    return MD5_Init(data(ctx));
#else
    return 1;
#endif
}

static int test_engine_md5_update(EVP_MD_CTX *ctx,const void *data, size_t count)
{
    fprintf(stderr, "MD5 update\r\n");
#ifdef OLD
    return MD5_Update(data(ctx), data, (size_t)count);
#else
    return 1;
#endif
}

static int test_engine_md5_final(EVP_MD_CTX *ctx,unsigned char *md) {
#ifdef OLD
    fprintf(stderr, "MD5 final size of EVP_MD: %lu\r\n", sizeof(EVP_MD));
    if (!MD5_Final(md, data(ctx)))
        goto err;

    add_test_data(md, MD5_DIGEST_LENGTH);
    return 1;

 err:
    return 0;
#else
    fprintf(stderr, "MD5 final\r\n");
    add_test_data(md, MD5_DIGEST_LENGTH);
    return 1;
#endif
}

#ifdef OLD
static EVP_MD test_engine_md5_method=  {
        NID_md5,                      /* The name ID for MD5 */
        NID_undef,                    /* IGNORED: MD5 with private key encryption NID */
        MD5_DIGEST_LENGTH,            /* Size of MD5 result, in bytes */
        0,                            /* Flags */
        test_engine_md5_init,         /* digest init */
        test_engine_md5_update,       /* digest update */
        test_engine_md5_final,        /* digest final */
        NULL,                         /* digest copy */
        NULL,                         /* digest cleanup */
        EVP_PKEY_NULL_method,         /* IGNORED: pkey methods */
        MD5_CBLOCK,                   /* Internal blocksize, see rfc1321/md5.h */
        sizeof(EVP_MD *) + sizeof(MD5_CTX),
        NULL,                          /* IGNORED: control function */
};
#endif

static int test_digest_ids[] = {NID_md5};

static int test_engine_digest_selector(ENGINE *e, const EVP_MD **digest,
        const int **nids, int nid) {
    if (!digest) {
        *nids = test_digest_ids;
        fprintf(stderr, "Digest is empty! Nid:%d\r\n", nid);
        return 2;
    }
    fprintf(stderr, "Digest no %d requested\r\n",nid);
    if (nid == NID_md5) {
#ifdef OLD
        *digest = &test_engine_md5_method;
#else
        EVP_MD *md;

        if ((md = EVP_MD_meth_new(NID_md5, NID_undef)) == NULL)
            goto err;
        if (EVP_MD_meth_set_result_size(md, MD5_DIGEST_LENGTH) != 1)
            goto err;
        if (EVP_MD_meth_set_flags(md, 0) != 1)
            goto err;
        if (EVP_MD_meth_set_init(md, test_engine_md5_init) != 1)
            goto err;
        if (EVP_MD_meth_set_update(md, test_engine_md5_update) != 1)
            goto err;
        if (EVP_MD_meth_set_final(md, test_engine_md5_final) != 1)
            goto err;
        if (EVP_MD_meth_set_copy(md, NULL) != 1)
            goto err;
        if (EVP_MD_meth_set_cleanup(md, NULL) != 1)
            goto err;
        if (EVP_MD_meth_set_input_blocksize(md, MD5_CBLOCK) != 1)
            goto err;
        if (EVP_MD_meth_set_app_datasize(md, sizeof(EVP_MD *) + sizeof(MD5_CTX)) != 1)
            goto err;
        if (EVP_MD_meth_set_ctrl(md, NULL) != 1)
            goto err;

        *digest = md;
#endif
    }
    else {
        goto err;
    }
    
    return 1;

 err:
    *digest = NULL;
    return 0;
}

static int bind_helper(ENGINE * e, const char *id)
{
#if defined(FAKE_RSA_IMPL)
    if ((test_rsa_method = RSA_meth_new("OTP test RSA method", 0)) == NULL) {
        fprintf(stderr, "RSA_meth_new failed\r\n");
        goto err;
    }
#endif /* if defined(FAKE_RSA_IMPL) */

    if (!ENGINE_set_id(e, test_engine_id))
        goto err;
    if (!ENGINE_set_name(e, test_engine_name))
        goto err;
    if (!ENGINE_set_init_function(e, test_init))
        goto err;
    if (!ENGINE_set_digests(e, &test_engine_digest_selector))
        goto err;
    /* For testing of key storage in an Engine: */
    if (!ENGINE_set_load_privkey_function(e, &test_privkey_load))
        goto err;
    if (!ENGINE_set_load_pubkey_function(e, &test_pubkey_load))
        goto err;

#if defined(FAKE_RSA_IMPL)
    if (!ENGINE_set_RSA(e, test_rsa_method))
        goto err;
#endif /* if defined(FAKE_RSA_IMPL) */

    return 1;

 err:
#if defined(FAKE_RSA_IMPL)
    if (test_rsa_method)
        RSA_meth_free(test_rsa_method);
    test_rsa_method = NULL;
#endif
    return 0;
}

IMPLEMENT_DYNAMIC_CHECK_FN();

IMPLEMENT_DYNAMIC_BIND_FN(bind_helper);

/********************************************************
 *
 * Engine storage simulation
 *
 */
int pem_passwd_cb_fun(char *buf, int size, int rwflag, void *password);

EVP_PKEY* test_privkey_load(ENGINE *eng, const char *id, UI_METHOD *ui_method, void *callback_data) {
    return test_key_load(eng, id, ui_method, callback_data, 1);
}

EVP_PKEY* test_pubkey_load(ENGINE *eng, const char *id, UI_METHOD *ui_method, void *callback_data) {
    return test_key_load(eng, id, ui_method, callback_data, 0);
}

EVP_PKEY* test_key_load(ENGINE *eng, const char *id, UI_METHOD *ui_method, void *callback_data, int priv)
{
    EVP_PKEY *pkey = NULL;
    FILE *f = fopen(id, "r");

    if (!f) {
        fprintf(stderr, "%s:%d fopen(%s) failed\r\n", __FILE__,__LINE__,id);
        return NULL;
    }

    pkey =
        priv
        ? PEM_read_PrivateKey(f, NULL, pem_passwd_cb_fun, callback_data)
        : PEM_read_PUBKEY(f, NULL, NULL, NULL);

    fclose(f);
    
    if (!pkey) {
        fprintf(stderr, "%s:%d Key read from file %s failed.\r\n", __FILE__,__LINE__,id);
        if (callback_data) 
            fprintf(stderr, "Pwd = \"%s\".\r\n", (char *)callback_data);
        fprintf(stderr, "Contents of file \"%s\":\r\n",id);
        f = fopen(id, "r");
        { /* Print the contents of the key file */
            int c;
            while (!feof(f)) {
                switch (c=fgetc(f)) {
                case '\n':
                case '\r': putc('\r',stderr); putc('\n',stderr); break;
                default: putc(c, stderr);
                }
            }
        }
        fprintf(stderr, "File contents printed.\r\n");
        fclose(f);
        return NULL;
    }
    
    return pkey;
}


int pem_passwd_cb_fun(char *buf, int size, int rwflag, void *password) 
{ 
    size_t i;

    if (size < 0)
        return 0;

    fprintf(stderr, "In pem_passwd_cb_fun\r\n");
    if (!password)
        return 0;

    i = strlen(password);
    if (i >= (size_t)size || i > INT_MAX - 1)
        goto err;

    /* whole pwd (incl terminating 0) fits */
    fprintf(stderr, "Got FULL pwd %zu(%d) chars\r\n", i, size);
    memcpy(buf, (char*)password, i+1);
    return (int)i+1;

 err:
    fprintf(stderr, "Got TO LONG pwd %zu(%d) chars\r\n", i, size);
    /* meaningless with a truncated password */
    return 0;
}

#endif

#if defined(FAKE_RSA_IMPL)
/* RSA sign. This returns a fixed string so the test case can test that it was called
   instead of the cryptolib default RSA sign */

static unsigned char fake_flag[] = {255,3,124,180,35,10,180,151,101,247,62,59,80,122,220,
                             142,24,180,191,34,51,150,112,27,43,142,195,60,245,213,80,179};

int test_rsa_sign(int dtype, 
                  /* The digest to sign */
                  const unsigned char *m, unsigned int m_len,
                  /* The allocated buffer to fill with the signature */ 
                  unsigned char *sigret, unsigned int *siglen,
                  /* The key */
                  const RSA *rsa)
{
    fprintf(stderr, "test_rsa_sign (dtype=%i) called m_len=%u *siglen=%u\r\n", dtype, m_len, *siglen);
    if (!sigret) {
        fprintf(stderr, "sigret = NULL\r\n");
        goto err;
    }

    /* {int i;
        fprintf(stderr, "Digest =\r\n");
        for(i=0; i<m_len; i++)
            fprintf(stderr, "%i,", m[i]);
        fprintf(stderr, "\r\n");
    } */

    if ((sizeof(fake_flag) == m_len)
        && bcmp(m,fake_flag,m_len) == 0) {
        int slen;

        printf("To be faked\r\n");
        /* To be faked */
        if ((slen = RSA_size(rsa)) < 0)
            goto err;
        add_test_data(sigret, (unsigned int)slen); /* The signature is 0,1,2...255,0,1... */
        *siglen = (unsigned int)slen; /* Must set this. Why? */
        return 1; /* 1 = success */
    }
    return 0;

 err:
    return -1;
}

int test_rsa_verify(int dtype, 
                    /* The digest to verify */
                    const unsigned char *m, unsigned int m_len,
                    /* The signature */ 
                    const unsigned char *sigret, unsigned int siglen,
                    /* The key */
                    const RSA *rsa)
{
    printf("test_rsa_verify (dtype=%i) called m_len=%u siglen=%u\r\n", dtype, m_len, siglen);

    if ((sizeof(fake_flag) == m_len)
        && bcmp(m,fake_flag,m_len) == 0) {
        int size;

        if ((size = RSA_size(rsa)) < 0)
            return 0;

        printf("To be faked\r\n");
        return (siglen == (unsigned int)size)
            && chk_test_data(sigret, siglen);
    }
    return 0;
}

static int test_rsa_free(RSA *rsa)
{
    printf("test_rsa_free called\r\n");
    return 1;
}

#endif /* if defined(FAKE_RSA_IMPL) */