From ee9df8b9518bd669b062fe2c7273d44adc015da1 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Thu, 6 Jul 2017 12:52:45 +0200
Subject: crypto: tests for rsa sign/verify from PR838

---
 lib/crypto/src/crypto.erl        | 17 +++++++-
 lib/crypto/test/crypto_SUITE.erl | 90 +++++++++++++++++++++++++++++++++-------
 2 files changed, 92 insertions(+), 15 deletions(-)

diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 4939bcfd1f..1df05462c9 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -25,7 +25,7 @@
 -export([start/0, stop/0, info_lib/0, info_fips/0, supports/0, enable_fips_mode/1,
          version/0, bytes_to_integer/1]).
 -export([hash/2, hash_init/1, hash_update/2, hash_final/1]).
--export([sign/4, verify/5]).
+-export([sign/4, sign/5, verify/5, verify/6]).
 -export([generate_key/2, generate_key/3, compute_key/4]).
 -export([hmac/3, hmac/4, hmac_init/2, hmac_update/2, hmac_final/1, hmac_final_n/2]).
 -export([cmac/3, cmac/4]).
@@ -45,6 +45,10 @@
 -export([ec_curve/1, ec_curves/0]).
 -export([rand_seed/1]).
 
+%% Private. For tests.
+-export([packed_openssl_version/4]).
+
+
 -deprecated({rand_uniform, 2, next_major_release}).
 
 %% This should correspond to the similar macro in crypto.c
@@ -1004,3 +1008,14 @@ erlint(<<MPIntSize:32/integer,MPIntValue/binary>>) ->
 %%
 mod_exp_nif(_Base,_Exp,_Mod,_bin_hdr) -> ?nif_stub.
 
+
+%%%----------------------------------------------------------------
+%% 9470495 == V(0,9,8,zh).
+%% 268435615 == V(1,0,0,i).
+%% 268439663 == V(1,0,1,f).
+
+packed_openssl_version(MAJ, MIN, FIX, P0) ->
+    %% crypto.c
+    P1 = atom_to_list(P0),
+    P = lists:sum([C-$a||C<-P1]),
+    ((((((((MAJ bsl 8) bor MIN) bsl 8 ) bor FIX) bsl 8) bor (P+1)) bsl 4) bor 16#f).
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index dbfe295900..7f039297dd 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -751,10 +751,44 @@ do_sign_verify({Type, Hash, Public, Private, Msg}) ->
     Signature = crypto:sign(Type, Hash, Msg, Private),
     case crypto:verify(Type, Hash, Msg, Signature, Public) of
 	true ->
+            ct:log("OK crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]),
 	    negative_verify(Type, Hash, Msg, <<10,20>>, Public);
 	false ->
+            ct:log("ERROR crypto:sign(~p, ~p, ..., ..., ...)", [Type,Hash]),
 	    ct:fail({{crypto, verify, [Type, Hash, Msg, Signature, Public]}})
-    end. 
+    end;
+do_sign_verify({Type, Hash, Public, Private, Msg, Options}) ->
+    LibVer =
+        case crypto:info_lib() of
+            [{<<"OpenSSL">>,Ver,<<"OpenSSL",_/binary>>}] -> Ver;
+            _ -> infinity
+        end,
+    Pad = proplists:get_value(rsa_padding, Options),
+    NotSupLow = lists:member(Pad, [rsa_pkcs1_pss_padding]),
+    try
+        crypto:sign(Type, Hash, Msg, Private, Options)
+    of
+        Signature ->
+            case crypto:verify(Type, Hash, Msg, Signature, Public, Options) of
+                true ->
+                    ct:log("OK crypto:sign(~p, ~p, ..., ..., ..., ~p)", [Type,Hash,Options]),
+                    negative_verify(Type, Hash, Msg, <<10,20>>, Public, Options);
+                false ->
+                    ct:log("ERROR crypto:sign(~p, ~p, ..., ..., ..., ~p)", [Type,Hash,Options]),
+                    ct:fail({{crypto, verify, [Type, Hash, Msg, Signature, Public, Options]}})
+            end
+    catch
+        error:notsup when NotSupLow == true,
+                          is_integer(LibVer),
+                          LibVer < 16#10001000 ->
+            %% Thoose opts where introduced in 1.0.1
+            ct:log("notsup but OK in old cryptolib crypto:sign(~p, ~p, ..., ..., ..., ~p)",
+                   [Type,Hash,Options]),
+            true;
+        C:E ->
+            ct:log("~p:~p  crypto:sign(~p, ~p, ..., ..., ..., ~p)", [C,E,Type,Hash,Options]),
+            ct:fail({{crypto, sign_verify, [LibVer, Type, Hash, Msg, Public, Options]}})
+    end.
 
 negative_verify(Type, Hash, Msg, Signature, Public) ->
     case crypto:verify(Type, Hash, Msg, Signature, Public) of
@@ -764,6 +798,14 @@ negative_verify(Type, Hash, Msg, Signature, Public) ->
 	    ok
     end.
 
+negative_verify(Type, Hash, Msg, Signature, Public, Options) ->
+    case crypto:verify(Type, Hash, Msg, Signature, Public, Options) of
+	true ->
+	    ct:fail({{crypto, verify, [Type, Hash, Msg, Signature, Public, Options]}, should_fail});
+	false ->
+	    ok
+    end.
+
 do_public_encrypt({Type, Public, Private, Msg, Padding}) ->
     PublicEcn = (catch crypto:public_encrypt(Type, Msg, Public, Padding)),
     case crypto:private_decrypt(Type, PublicEcn, Private, Padding) of
@@ -1268,18 +1310,38 @@ group_config(_, Config) ->
     Config.
 
 sign_verify_tests(Type, Msg, Public, Private, PublicS, PrivateS) ->
-    sign_verify_tests(Type, [md5, sha, sha224, sha256], Msg, Public, Private) ++
-	sign_verify_tests(Type, [sha384, sha512], Msg, PublicS, PrivateS).
-
-sign_verify_tests(Type, Hashs, Msg, Public, Private) ->
-    lists:foldl(fun(Hash, Acc) -> 
-			case is_supported(Hash) of
-			    true ->
-				[{Type, Hash,  Public, Private, Msg}|Acc];
-			    false ->
-			      Acc
-			end
-		end, [], Hashs).
+    gen_sign_verify_tests(Type, [md5, ripemd160, sha, sha224, sha256], Msg, Public, Private,
+			  [undefined,
+			   [{rsa_padding, rsa_pkcs1_pss_padding}],
+			   [{rsa_padding, rsa_pkcs1_pss_padding}, {rsa_pss_saltlen, 0}],
+			   [{rsa_padding, rsa_x931_padding}]
+			  ]) ++
+	gen_sign_verify_tests(Type, [sha384, sha512], Msg, PublicS, PrivateS,
+			      [undefined,
+			       [{rsa_padding, rsa_pkcs1_pss_padding}],
+			       [{rsa_padding, rsa_pkcs1_pss_padding}, {rsa_pss_saltlen, 0}],
+			       [{rsa_padding, rsa_x931_padding}]
+			      ]).
+
+gen_sign_verify_tests(Type, Hashs, Msg, Public, Private, Opts) ->
+    lists:foldr(fun(Hash, Acc0) ->
+	case is_supported(Hash) of
+	    true ->
+		lists:foldr(fun
+		    (undefined, Acc1) ->
+			[{Type, Hash, Public, Private, Msg} | Acc1];
+		    ([{rsa_padding, rsa_x931_padding} | _], Acc1)
+			    when Hash =:= md5
+			    orelse Hash =:= ripemd160
+			    orelse Hash =:= sha224 ->
+			Acc1;
+		    (Opt, Acc1) ->
+			[{Type, Hash, Public, Private, Msg, Opt} | Acc1]
+		end, Acc0, Opts);
+	    false ->
+		Acc0
+	end
+    end, [], Hashs).
 
 rfc_1321_msgs() ->
     [<<"">>, 
@@ -2300,7 +2362,7 @@ fmt_words(Words) ->
 
 log_rsp_size(Label, Term) ->
     S = erts_debug:size(Term),
-    ct:pal("~s: ~w test(s), Memory used: ~s",
+    ct:log("~s: ~w test(s), Memory used: ~s",
            [Label, length(Term), fmt_words(S)]).
 
 read_rsp(Config, Type, Files) ->
-- 
cgit v1.2.3