crypto: Update test engine with fake rsa support

We need to test the Engine interface not only for loading, key retrieval and hashing, so it is complemented with a fake rsa method to check sign/verify also.
author: Hans Nilsson <[email protected]> 2018-11-16 16:16:17 +0100
committer: Hans Nilsson <[email protected]> 2018-11-30 14:51:43 +0100
commit: 21c3fbcbbd2971d8a7af0212162045ab778ab0eb (patch)
tree: e71b0dcfb4615a58da8720207094dd9339055e06 /lib/crypto/c_src
parent: dfce5316948c5085e659a9c5fefb10ff8fcdf959 (diff)
download: otp-21c3fbcbbd2971d8a7af0212162045ab778ab0eb.tar.gz
otp-21c3fbcbbd2971d8a7af0212162045ab778ab0eb.tar.bz2
otp-21c3fbcbbd2971d8a7af0212162045ab778ab0eb.zip
1 files changed, 135 insertions, 9 deletions
diff --git a/lib/crypto/c_src/otp_test_engine.c b/lib/crypto/c_src/otp_test_engine.c
index 34c825059f..94c639f5af 100644
--- a/lib/crypto/c_src/otp_test_engine.c
+++ b/lib/crypto/c_src/otp_test_engine.c
@@ -35,7 +35,12 @@
 
 #if OPENSSL_VERSION_NUMBER < PACKED_OPENSSL_VERSION_PLAIN(1,1,0) \
     || defined(LIBRESSL_VERSION_NUMBER)
-#define OLD
+# define OLD
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION_PLAIN(1,1,0) \
+    && !defined(LIBRESSL_VERSION_NUMBER)
+# define FAKE_RSA_IMPL
 #endif
 
 #if OPENSSL_VERSION_NUMBER >= PACKED_OPENSSL_VERSION(0,9,8,'o') \
@@ -56,13 +61,38 @@
 static const char *test_engine_id = "MD5";
 static const char *test_engine_name = "MD5 test engine";
 
+#if defined(FAKE_RSA_IMPL)
+/*-------- test of private/public keys and RSA in engine ---------*/
+static RSA_METHOD *test_rsa_method = NULL;
+
+/* Our on "RSA" implementation */
+static int test_rsa_sign(int dtype, const unsigned char *m,
+                         unsigned int m_len, unsigned char *sigret,
+                         unsigned int *siglen, const RSA *rsa);
+static int test_rsa_verify(int dtype, const unsigned char *m,
+                           unsigned int m_len, const unsigned char *sigret,
+                           unsigned int siglen, const RSA *rsa);
+static int test_rsa_free(RSA *rsa);
+#endif /* if defined(FAKE_RSA_IMPL) */
+
 /* The callback that does the job of fetching keys on demand by the Engine */
 EVP_PKEY* test_key_load(ENGINE *er, const char *id, UI_METHOD *ui_method, void *callback_data);
 
+/*----------------------------------------------------------------*/
 
 static int test_init(ENGINE *e) {
     printf("OTP Test Engine Initializatzion!\r\n");
     
+#if defined(FAKE_RSA_IMPL)
+    if (    !RSA_meth_set_finish(test_rsa_method, test_rsa_free)
+            || !RSA_meth_set_sign(test_rsa_method, test_rsa_sign)
+            || !RSA_meth_set_verify(test_rsa_method, test_rsa_verify)
+            ) {
+        fprintf(stderr, "Setup RSA_METHOD failed\r\n");
+        return 0;
+    }
+#endif /* if defined(FAKE_RSA_IMPL) */
+
     /* Load all digest and cipher algorithms. Needed for password protected private keys */
     OpenSSL_add_all_ciphers();
     OpenSSL_add_all_digests();
@@ -79,6 +109,19 @@ static void add_test_data(unsigned char *md, unsigned int len)
     }
 }
 
+#if defined(FAKE_RSA_IMPL)
+static int chk_test_data(const unsigned char *md, unsigned int len)
+{
+    unsigned int i;
+
+    for (i=0; i<len; i++) {
+        if (md[i] != (unsigned char)(i & 0xff))
+            return 0;
+    }
+    return 1;
+}
+#endif /* if defined(FAKE_RSA_IMPL) */
+
 /* MD5 part */
 #undef data
 #ifdef OLD
@@ -184,18 +227,33 @@ static int test_engine_digest_selector(ENGINE *e, const EVP_MD **digest,
     return ok;
 }
 
-
 static int bind_helper(ENGINE * e, const char *id)
 {
-    if (!ENGINE_set_id(e, test_engine_id) ||
-        !ENGINE_set_name(e, test_engine_name) ||
-        !ENGINE_set_init_function(e, test_init) ||
-        !ENGINE_set_digests(e, &test_engine_digest_selector) ||
+#if defined(FAKE_RSA_IMPL)
+    test_rsa_method = RSA_meth_new("OTP test RSA method", 0);
+    if (test_rsa_method == NULL) {
+        fprintf(stderr, "RSA_meth_new failed\r\n");
+        return 0;
+    }
+#endif /* if defined(FAKE_RSA_IMPL) */
+
+    if (!ENGINE_set_id(e, test_engine_id)
+        || !ENGINE_set_name(e, test_engine_name)
+        || !ENGINE_set_init_function(e, test_init)
+        || !ENGINE_set_digests(e, &test_engine_digest_selector)
         /* For testing of key storage in an Engine: */
-        !ENGINE_set_load_privkey_function(e, &test_key_load) ||
-        !ENGINE_set_load_pubkey_function(e, &test_key_load)
-    )
+        || !ENGINE_set_load_privkey_function(e, &test_privkey_load)
+        || !ENGINE_set_load_pubkey_function(e, &test_pubkey_load)
+        )
+        return 0;
+
+#if defined(FAKE_RSA_IMPL)
+    if ( !ENGINE_set_RSA(e, test_rsa_method) ) {
+        RSA_meth_free(test_rsa_method);
+        test_rsa_method = NULL;
         return 0;
+    }
+#endif /* if defined(FAKE_RSA_IMPL) */
 
     return 1;
 }
@@ -278,3 +336,71 @@ int pem_passwd_cb_fun(char *buf, int size, int rwflag, void *password)
 }
 
 #endif
+
+#if defined(FAKE_RSA_IMPL)
+/* RSA sign. This returns a fixed string so the test case can test that it was called
+   instead of the cryptolib default RSA sign */
+
+unsigned char fake_flag[] = {255,3,124,180,35,10,180,151,101,247,62,59,80,122,220,
+                             142,24,180,191,34,51,150,112,27,43,142,195,60,245,213,80,179};
+
+int test_rsa_sign(int dtype, 
+                  /* The digest to sign */
+                  const unsigned char *m, unsigned int m_len,
+                  /* The allocated buffer to fill with the signature */ 
+                  unsigned char *sigret, unsigned int *siglen,
+                  /* The key */
+                  const RSA *rsa)
+{
+    int slen;
+    fprintf(stderr, "test_rsa_sign (dtype=%i) called m_len=%u *siglen=%u\r\n", dtype, m_len, *siglen);
+    if (!sigret) {
+        fprintf(stderr, "sigret = NULL\r\n");
+        return -1;
+    }
+
+    /* {int i;
+        fprintf(stderr, "Digest =\r\n");
+        for(i=0; i<m_len; i++)
+            fprintf(stderr, "%i,", m[i]);
+        fprintf(stderr, "\r\n");
+    } */
+
+    if ((sizeof(fake_flag) == m_len)
+        && bcmp(m,fake_flag,m_len) == 0) {
+        printf("To be faked\r\n");
+        /* To be faked */
+        slen = RSA_size(rsa);
+        add_test_data(sigret, slen); /* The signature is 0,1,2...255,0,1... */
+        *siglen = slen; /* Must set this. Why? */
+        return 1; /* 1 = success */
+    }
+    return 0;
+}
+
+int test_rsa_verify(int dtype, 
+                    /* The digest to verify */
+                    const unsigned char *m, unsigned int m_len,
+                    /* The signature */ 
+                    const unsigned char *sigret, unsigned int siglen,
+                    /* The key */
+                    const RSA *rsa)
+{
+    printf("test_rsa_verify (dtype=%i) called m_len=%u siglen=%u\r\n", dtype, m_len, siglen);
+
+    if ((sizeof(fake_flag) == m_len)
+        && bcmp(m,fake_flag,m_len) == 0) {
+        printf("To be faked\r\n");
+        return (siglen ==  RSA_size(rsa)) 
+            && chk_test_data(sigret, siglen);
+    }
+    return 0;
+}
+
+static int test_rsa_free(RSA *rsa)
+{
+    printf("test_rsa_free called\r\n");
+    return 1;
+}
+
+#endif /* if defined(FAKE_RSA_IMPL) */
author	Hans Nilsson <[email protected]>	2018-11-16 16:16:17 +0100
committer	Hans Nilsson <[email protected]>	2018-11-30 14:51:43 +0100
commit	21c3fbcbbd2971d8a7af0212162045ab778ab0eb (patch)
tree	e71b0dcfb4615a58da8720207094dd9339055e06 /lib/crypto/c_src
parent	dfce5316948c5085e659a9c5fefb10ff8fcdf959 (diff)
download	otp-21c3fbcbbd2971d8a7af0212162045ab778ab0eb.tar.gz otp-21c3fbcbbd2971d8a7af0212162045ab778ab0eb.tar.bz2 otp-21c3fbcbbd2971d8a7af0212162045ab778ab0eb.zip