Skip to content

Commit

Permalink
Refactor Key Generation test
Browse files Browse the repository at this point in the history 
- Make each key type test configurable via command argument
- Call tgenkey from the basic test suite with proper arguments

Signed-off-by: Simo Sorce <[email protected]>
  • Loading branch information
@simo5
simo5 committed Apr 12, 2024
1 parent 2970ad3 commit 255702c
Show file tree
Hide file tree
Showing 3 changed files with 198 additions and 138 deletions.
1 change: 0 additions & 1 deletion tests/Makefile.am
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,6 @@ test_LIST = \
oaepsha2-softokn.t \
hkdf-softokn.t \
rsapss-softokn.t \
genkey-softokn.t genkey-softhsm.t \
session-softokn.t session-softhsm.t \
rand-softokn.t rand-softhsm.t \
readkeys-softokn.t readkeys-softhsm.t \
Expand Down
12 changes: 12 additions & 0 deletions tests/tbasic
View file
Original file line number Diff line number Diff line change
Expand Up @@ -268,4 +268,16 @@ if [[ -n $ECBASE3URI ]]; then
fi
OPENSSL_CONF=${ORIG_OPENSSL_CONF}

title PARA "Test Key generation"
output=$(${TESTBLDDIR}/tgenkey "RSA,RSA-PSS,EC,RSAKeyUsage" 2>&1)
FAIL=0
echo "$output" | grep "Performed tests: 4" || FAIL=1
if [ $FAIL -ne 0 ]; then
echo
echo "Original command output:"
echo "$output"
echo
exit 1
fi

exit 0
323 changes: 186 additions & 137 deletions tests/tgenkey.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -345,8 +345,48 @@ static void sign_test(const char *label, bool fail)
EVP_MD_CTX_free(ctx);
}

static void tokenize(char **result, int max, char *str) {
char *copy;
char *ptr;
char *saveptr;
int num = 0;

copy = strdup(str);
if (!copy) {
fprintf(stderr, "strdup failed\n");
exit(EXIT_FAILURE);
}

ptr = copy;
saveptr = NULL;

while (num < max) {
char *tok = strtok_r(ptr, ",", &saveptr);
ptr = NULL;
if (tok == NULL) {
break;
}
result[num] = strdup(tok);
if (!result[num]) {
fprintf(stderr, "strdup failed\n");
exit(EXIT_FAILURE);
}
num++;
}

result[num] = NULL;
}

static void freetokens(char **tokens) {
for (int num = 0; tokens[num] != NULL; num++) {
free(tokens[num]);
tokens[num] = NULL;
}
}

int main(int argc, char *argv[])
{
char *tests[11] = { 0 };
char *label;
unsigned char id[16];
char idhex[16 * 3 + 1];
Expand All @@ -356,155 +396,164 @@ int main(int argc, char *argv[])
const char *bad_usage = "dataEncipherment gibberish ";
OSSL_PARAM params[4];
int miniid;
int num;
int ret;

/* RSA */
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-RSA-gen-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] =
OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &rsa_bits);
params[2] = OSSL_PARAM_construct_end();

gen_keys("RSA", label, idhex, params, false);
free(label);
free(uri);

/* RSA-PSS */
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-RSA-PSS-gen-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] =
OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &rsa_bits);
params[2] = OSSL_PARAM_construct_utf8_string("rsa_pss_keygen_md",
(char *)"SHA256", 0);
params[3] = OSSL_PARAM_construct_end();

gen_keys("RSA-PSS", label, idhex, params, false);
free(label);
free(uri);

/* EC */
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-EC-gen-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
if (argc > 1) {
tokenize(tests, 10, argv[1]);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] = OSSL_PARAM_construct_utf8_string("ec_paramgen_curve",
(char *)"P-256", 0);
params[2] = OSSL_PARAM_construct_end();

gen_keys("EC", label, idhex, params, false);
free(label);
free(uri);

/* RSA with Key Usage restrictions */
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-RSA-Key-Usage-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] = OSSL_PARAM_construct_utf8_string("pkcs11_key_usage",
(char *)key_usage, 0);
params[2] =
OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &rsa_bits);
params[3] = OSSL_PARAM_construct_end();
for (num = 0; num < 10 && tests[num] != NULL; num++) {
if (strcmp(tests[num], "RSA") == 0) {
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-RSA-gen-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] =
OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &rsa_bits);
params[2] = OSSL_PARAM_construct_end();

gen_keys("RSA", label, idhex, params, false);
free(label);
free(uri);

} else if (strcmp(tests[num], "RSA-PSS") == 0) {
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-RSA-PSS-gen-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] =
OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &rsa_bits);
params[2] = OSSL_PARAM_construct_utf8_string("rsa_pss_keygen_md",
(char *)"SHA256", 0);
params[3] = OSSL_PARAM_construct_end();

gen_keys("RSA-PSS", label, idhex, params, false);
free(label);
free(uri);

} else if (strcmp(tests[num], "EC") == 0) {
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-EC-gen-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] = OSSL_PARAM_construct_utf8_string("ec_paramgen_curve",
(char *)"P-256", 0);
params[2] = OSSL_PARAM_construct_end();

gen_keys("EC", label, idhex, params, false);
free(label);
free(uri);

} else if (strcmp(tests[num], "RSAKeyUsage") == 0) {
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-RSA-Key-Usage-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] = OSSL_PARAM_construct_utf8_string("pkcs11_key_usage",
(char *)key_usage, 0);
params[2] =
OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &rsa_bits);
params[3] = OSSL_PARAM_construct_end();

gen_keys("RSA", label, idhex, params, false);
gen_keys("RSA", label, idhex, params, false);

sign_test(label, true);
sign_test(label, true);

params[1] = OSSL_PARAM_construct_utf8_string("pkcs11_key_usage",
(char *)bad_usage, 0);
params[1] = OSSL_PARAM_construct_utf8_string("pkcs11_key_usage",
(char *)bad_usage, 0);

gen_keys("RSA", label, idhex, params, true);
free(label);
free(uri);
gen_keys("RSA", label, idhex, params, true);

char *p11lib = getenv("P11LIB");
if (p11lib != NULL && strstr(p11lib, "softhsm") != NULL) {
/* Check Ed25519 keys if supported */
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-Ed-gen-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
free(label);
free(uri);
} else if (strcmp(tests[num], "ED25519") == 0) {
ret = RAND_bytes(id, 16);
if (ret != 1) {
fprintf(stderr, "Failed to set generate key id\n");
exit(EXIT_FAILURE);
}
miniid = (id[0] << 24) + (id[1] << 16) + (id[2] << 8) + id[3];
ret = asprintf(&label, "Test-Ed-gen-%08x", miniid);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
hexify(idhex, id, 16);
ret = asprintf(&uri, "pkcs11:object=%s;id=%s", label, idhex);
if (ret == -1) {
fprintf(stderr, "Failed to make label");
exit(EXIT_FAILURE);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] = OSSL_PARAM_construct_end();

gen_keys("ED25519", label, idhex, params, false);
free(label);
free(uri);
} else {
fprintf(stderr, "Unknown test type [%s]\n", tests[num]);
exit(EXIT_FAILURE);
}
params[0] = OSSL_PARAM_construct_utf8_string("pkcs11_uri", uri, 0);
params[1] = OSSL_PARAM_construct_end();

gen_keys("ED25519", label, idhex, params, false);
free(label);
free(uri);
}

fprintf(stderr, "ALL A-OK!");
freetokens(tests);
fprintf(stderr, "Performed tests: %d\n", num);
exit(EXIT_SUCCESS);
}

0 comments on commit 255702c

Please sign in to comment.