wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adapt the MAC tests, and tests for other things that use EVP_MAC

Browse source 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)
This commit is contained in:
Richard Levitte 2019-07-30 22:52:07 +02:00
parent 776796e818
commit 25446a66b6
3 changed files with 86 additions and 103 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
test/evp_kdf_test.c
View file

@ -260,7 +260,6 @@ static int test_kdf_ss_hmac(void)
{
int ret;
EVP_KDF_CTX *kctx;
const EVP_MAC *mac;
unsigned char out[16];
static const unsigned char z[] = {
0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
@ -279,8 +278,7 @@ static int test_kdf_ss_hmac(void)
ret =
TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
&& TEST_ptr(mac = EVP_get_macbyname("HMAC"))
&& TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0)
&& TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, "HMAC"), 0)
&& TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0)
&& TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
&& TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
@ -299,7 +297,6 @@ static int test_kdf_ss_kmac(void)
int ret;
EVP_KDF_CTX *kctx;
unsigned char out[64];
const EVP_MAC *mac;
static const unsigned char z[] = {
0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
};
@ -320,8 +317,7 @@ static int test_kdf_ss_kmac(void)
ret =
TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
&& TEST_ptr(mac = EVP_get_macbyname("KMAC128"))
&& TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0)
&& TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, "KMAC128"), 0)
&& TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z,
sizeof(z)), 0)
&& TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,

173
test/evp_test.c
View file

@ -18,7 +18,10 @@
#include <openssl/x509v3.h>
#include <openssl/pkcs12.h>
#include <openssl/kdf.h>
#include <openssl/params.h>
#include <openssl/core_names.h>
#include "internal/numbers.h"
#include "internal/nelem.h"
#include "testutil.h"
#include "evp_test.h"
@ -865,7 +868,7 @@ static const EVP_TEST_METHOD cipher_test_method = {
typedef struct mac_data_st {
/* MAC type in one form or another */
const EVP_MAC *mac; /* for mac_test_run_mac */
EVP_MAC *mac; /* for mac_test_run_mac */
int type; /* for mac_test_run_pkey */
/* Algorithm string for this MAC */
char *alg;
@ -892,11 +895,11 @@ typedef struct mac_data_st {
static int mac_test_init(EVP_TEST *t, const char *alg)
{
const EVP_MAC *mac = NULL;
EVP_MAC *mac = NULL;
int type = NID_undef;
MAC_DATA *mdat;
if ((mac = EVP_get_macbyname(alg)) == NULL) {
if ((mac = EVP_MAC_fetch(NULL, alg, NULL)) == NULL) {
/*
* Since we didn't find an EVP_MAC, we check for known EVP_PKEY methods
* For debugging purposes, we allow 'NNNN by EVP_PKEY' to force running
@ -964,6 +967,7 @@ static void mac_test_cleanup(EVP_TEST *t)
{
MAC_DATA *mdat = t->data;
EVP_MAC_free(mdat->mac);
sk_OPENSSL_STRING_pop_free(mdat->controls, openssl_free);
OPENSSL_free(mdat->alg);
OPENSSL_free(mdat->key);
@ -1114,11 +1118,14 @@ static int mac_test_run_mac(EVP_TEST *t)
{
MAC_DATA *expected = t->data;
EVP_MAC_CTX *ctx = NULL;
const void *algo = NULL;
int algo_ctrl = 0;
unsigned char *got = NULL;
size_t got_len;
int rv, i;
int i;
OSSL_PARAM params[21];
size_t params_n = 0;
size_t params_n_allocstart = 0;
const OSSL_PARAM *defined_params =
EVP_MAC_CTX_settable_params(expected->mac);
if (expected->alg == NULL)
TEST_info("Trying the EVP_MAC %s test", EVP_MAC_name(expected->mac));
@ -1134,98 +1141,75 @@ static int mac_test_run_mac(EVP_TEST *t)
}
#endif
if (expected->alg != NULL)
params[params_n++] =
OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_ALGORITHM,
expected->alg,
strlen(expected->alg) + 1);
if (expected->key != NULL)
params[params_n++] =
OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
expected->key,
expected->key_len);
if (expected->custom != NULL)
params[params_n++] =
OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM,
expected->custom,
expected->custom_len);
if (expected->salt != NULL)
params[params_n++] =
OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_SALT,
expected->salt,
expected->salt_len);
if (expected->iv != NULL)
params[params_n++] =
OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
expected->iv,
expected->iv_len);
/*
* Unknown controls. They must match parameters that the MAC recognises
*/
if (params_n + sk_OPENSSL_STRING_num(expected->controls)
>= OSSL_NELEM(params)) {
t->err = "MAC_TOO_MANY_PARAMETERS";
goto err;
}
params_n_allocstart = params_n;
for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
char *tmpkey, *tmpval;
char *value = sk_OPENSSL_STRING_value(expected->controls, i);
if (!TEST_ptr(tmpkey = OPENSSL_strdup(value))) {
t->err = "MAC_PARAM_ERROR";
goto err;
}
tmpval = strchr(tmpkey, ':');
if (tmpval != NULL)
*tmpval++ = '\0';
if (!OSSL_PARAM_allocate_from_text(&params[params_n], defined_params,
tmpkey, tmpval,
strlen(tmpval))) {
OPENSSL_free(tmpkey);
t->err = "MAC_PARAM_ERROR";
goto err;
}
params_n++;
OPENSSL_free(tmpkey);
}
params[params_n] = OSSL_PARAM_construct_end();
if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) {
t->err = "MAC_CREATE_ERROR";
goto err;
}
if (expected->alg != NULL
&& ((algo_ctrl = EVP_MAC_CTRL_SET_CIPHER,
algo = EVP_get_cipherbyname(expected->alg)) == NULL
&& (algo_ctrl = EVP_MAC_CTRL_SET_MD,
algo = EVP_get_digestbyname(expected->alg)) == NULL)) {
t->err = "MAC_BAD_ALGORITHM";
if (!EVP_MAC_CTX_set_params(ctx, params)) {
t->err = "MAC_BAD_PARAMS";
goto err;
}
if (algo_ctrl != 0) {
rv = EVP_MAC_ctrl(ctx, algo_ctrl, algo);
if (rv == -2) {
t->err = "MAC_CTRL_INVALID";
goto err;
} else if (rv <= 0) {
t->err = "MAC_CTRL_ERROR";
goto err;
}
}
rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_KEY,
expected->key, expected->key_len);
if (rv == -2) {
t->err = "MAC_CTRL_INVALID";
goto err;
} else if (rv <= 0) {
t->err = "MAC_CTRL_ERROR";
goto err;
}
if (expected->custom != NULL) {
rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_CUSTOM,
expected->custom, expected->custom_len);
if (rv == -2) {
t->err = "MAC_CTRL_INVALID";
goto err;
} else if (rv <= 0) {
t->err = "MAC_CTRL_ERROR";
goto err;
}
}
if (expected->salt != NULL) {
rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_SALT,
expected->salt, expected->salt_len);
if (rv == -2) {
t->err = "MAC_CTRL_INVALID";
goto err;
} else if (rv <= 0) {
t->err = "MAC_CTRL_ERROR";
goto err;
}
}
if (expected->iv != NULL) {
rv = EVP_MAC_ctrl(ctx, EVP_MAC_CTRL_SET_IV,
expected->iv, expected->iv_len);
if (rv == -2) {
t->err = "MAC_CTRL_INVALID";
goto err;
} else if (rv <= 0) {
t->err = "MAC_CTRL_ERROR";
goto err;
}
}
for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++) {
char *p, *tmpval;
char *value = sk_OPENSSL_STRING_value(expected->controls, i);
if (!TEST_ptr(tmpval = OPENSSL_strdup(value))) {
t->err = "MAC_CTRL_ERROR";
goto err;
}
p = strchr(tmpval, ':');
if (p != NULL)
*p++ = '\0';
rv = EVP_MAC_ctrl_str(ctx, tmpval, p);
OPENSSL_free(tmpval);
if (rv == -2) {
t->err = "MAC_CTRL_INVALID";
goto err;
} else if (rv <= 0) {
t->err = "MAC_CTRL_ERROR";
goto err;
}
}
if (!EVP_MAC_init(ctx)) {
t->err = "MAC_INIT_ERROR";
goto err;
@ -1234,7 +1218,7 @@ static int mac_test_run_mac(EVP_TEST *t)
t->err = "MAC_UPDATE_ERROR";
goto err;
}
if (!EVP_MAC_final(ctx, NULL, &got_len)) {
if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
t->err = "MAC_FINAL_LENGTH_ERROR";
goto err;
}
@ -1242,7 +1226,7 @@ static int mac_test_run_mac(EVP_TEST *t)
t->err = "TEST_FAILURE";
goto err;
}
if (!EVP_MAC_final(ctx, got, &got_len)
if (!EVP_MAC_final(ctx, got, &got_len, got_len)
|| !memory_err_compare(t, "TEST_MAC_ERR",
expected->output, expected->output_len,
got, got_len)) {
@ -1251,6 +1235,9 @@ static int mac_test_run_mac(EVP_TEST *t)
}
t->err = NULL;
err:
while (params_n-- > params_n_allocstart) {
OPENSSL_free(params[params_n].data);
}
EVP_MAC_CTX_free(ctx);
OPENSSL_free(got);
return 1;

8
test/recipes/30-test_evp_data/evpmac.txt
View file

@ -157,7 +157,7 @@ Output = 5150d1772f50834a503e069a973fbd7c
MAC = SipHash
Ctrl = digestsize:13
Key = 000102030405060708090A0B0C0D0E0F
Result = MAC_CTRL_ERROR
Result = MAC_BAD_PARAMS
# SIPHASH - default values: 2,4 rounds, explicit 13-byte mac (invalid size)
# by EVP_PKEY this time
@ -325,7 +325,7 @@ Output = 233a6c732212f4813ec4c9f357e35297e59a652fd24155205f00363f7c54734ee1e8c73
MAC = BLAKE2BMAC
Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
Ctrl = outlen:128
Result = MAC_CTRL_ERROR
Result = MAC_BAD_PARAMS
MAC = BLAKE2BMAC
Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
@ -381,7 +381,7 @@ Output = e9f7704dfe5080a4aafe62a806f53ea7f98ffc24175164158f18ec5497b961f5
MAC = BLAKE2SMAC
Key = 000102030405060708090a0b0c0d0e0f
Ctrl = outlen:64
Result = MAC_CTRL_ERROR
Result = MAC_BAD_PARAMS
MAC = BLAKE2SMAC
Key = 000102030405060708090a0b0c0d0e0f
@ -595,7 +595,7 @@ MAC = HMAC
Algorithm = SHAKE128
Input = "Test that SHAKE128 fails"
Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
Result = MAC_CTRL_ERROR
Result = MAC_BAD_PARAMS
Title = CMAC tests (from FIPS module)