[thirdparty/openssl.git] / test / evp_fetch_prov_test.c

/*
 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * SHA256 low level APIs are deprecated for public use, but still ok for
 * internal use.  Note, that due to symbols not being exported, only the
 * #defines can be accessed.  In this case SHA256_CBLOCK.
 */
#include "internal/deprecated.h"

#include <string.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/provider.h>
#include "testutil.h"

static char *config_file = NULL;
static char *alg = "digest";
static int use_default_ctx = 0;
static char *fetch_property = NULL;
static int expected_fetch_result = 1;

typedef enum OPTION_choice {
    OPT_ERR = -1,
    OPT_EOF = 0,
    OPT_ALG_FETCH_TYPE,
    OPT_FETCH_PROPERTY,
    OPT_FETCH_FAILURE,
    OPT_USE_DEFAULTCTX,
    OPT_CONFIG_FILE,
    OPT_TEST_ENUM
} OPTION_CHOICE;

const OPTIONS *test_get_options(void)
{
    static const OPTIONS test_options[] = {
        OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[provname...]\n"),
        { "config", OPT_CONFIG_FILE, '<', "The configuration file to use for the libctx" },
        { "type", OPT_ALG_FETCH_TYPE, 's', "The fetch type to test" },
        { "property", OPT_FETCH_PROPERTY, 's', "The fetch property e.g. provider=fips" },
        { "fetchfail", OPT_FETCH_FAILURE, '-', "fetch is expected to fail" },
        { "defaultctx", OPT_USE_DEFAULTCTX, '-',
          "Use the default context if this is set" },
        { OPT_HELP_STR, 1, '-',
          "file\tProvider names to explicitly load\n" },
        { NULL }
    };
    return test_options;
}

static int calculate_digest(const EVP_MD *md, const char *msg, size_t len,
                            const unsigned char *exptd)
{
    unsigned char out[SHA256_DIGEST_LENGTH];
    EVP_MD_CTX *ctx;
    int ret = 0;

    if (!TEST_ptr(ctx = EVP_MD_CTX_new())
            || !TEST_true(EVP_DigestInit_ex(ctx, md, NULL))
            || !TEST_true(EVP_DigestUpdate(ctx, msg, len))
            || !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL))
            || !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd,
                            SHA256_DIGEST_LENGTH)
            || !TEST_true(md == EVP_MD_CTX_md(ctx)))
        goto err;

    ret = 1;
 err:
    EVP_MD_CTX_free(ctx);
    return ret;
}

static int load_providers(OPENSSL_CTX **libctx, OSSL_PROVIDER *prov[])
{
    OPENSSL_CTX *ctx = NULL;
    int ret = 0;
    size_t i;

    ctx = OPENSSL_CTX_new();
    if (!TEST_ptr(ctx))
        goto err;

    if (!TEST_true(OPENSSL_CTX_load_config(ctx, config_file)))
        goto err;
    if (test_get_argument_count() > 2)
        goto err;

    for (i = 0; i < test_get_argument_count(); ++i) {
        char *provname = test_get_argument(i);
        prov[i] = OSSL_PROVIDER_load(ctx, provname);
        if (!TEST_ptr(prov[i]))
            goto err;
    }

    ret = 1;
    *libctx = ctx;
err:
    if (ret == 0)
        OPENSSL_CTX_free(ctx);
    return ret;
}

/*
 * Test EVP_MD_fetch()
 */
static int test_EVP_MD_fetch(void)
{
    OPENSSL_CTX *ctx = NULL;
    EVP_MD *md = NULL;
    OSSL_PROVIDER *prov[2] = {NULL, NULL};
    int ret = 0;
    const char testmsg[] = "Hello world";
    const unsigned char exptd[] = {
      0x27, 0x51, 0x8b, 0xa9, 0x68, 0x30, 0x11, 0xf6, 0xb3, 0x96, 0x07, 0x2c,
      0x05, 0xf6, 0x65, 0x6d, 0x04, 0xf5, 0xfb, 0xc3, 0x78, 0x7c, 0xf9, 0x24,
      0x90, 0xec, 0x60, 0x6e, 0x50, 0x92, 0xe3, 0x26
    };

    if (use_default_ctx == 0 && !load_providers(&ctx, prov))
        goto err;

    /* Implicit fetching of the MD should produce the expected result */
    if (!TEST_true(calculate_digest(EVP_sha256(), testmsg, sizeof(testmsg),
                                    exptd))
            || !TEST_int_eq(EVP_MD_size(EVP_sha256()), SHA256_DIGEST_LENGTH)
            || !TEST_int_eq(EVP_MD_block_size(EVP_sha256()), SHA256_CBLOCK))
        goto err;

    /* Fetch the digest from a provider using properties. */
    md = EVP_MD_fetch(ctx, "SHA256", fetch_property);
    if (expected_fetch_result != 0) {
        if (!TEST_ptr(md)
            || !TEST_int_eq(EVP_MD_nid(md), NID_sha256)
            || !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd))
            || !TEST_int_eq(EVP_MD_size(md), SHA256_DIGEST_LENGTH)
            || !TEST_int_eq(EVP_MD_block_size(md), SHA256_CBLOCK))
        goto err;

        /* Also test EVP_MD_up_ref() while we're doing this */
        if (!TEST_true(EVP_MD_up_ref(md)))
            goto err;
        /* Ref count should now be 2. Release first one here */
        EVP_MD_meth_free(md);
    } else {
        if (!TEST_ptr_null(md))
            goto err;
    }
    ret = 1;

err:
    EVP_MD_meth_free(md);
    OSSL_PROVIDER_unload(prov[0]);
    OSSL_PROVIDER_unload(prov[1]);
    /* Not normally needed, but we would like to test that
     * OPENSSL_thread_stop_ex() behaves as expected.
     */
    if (ctx != NULL) {
        OPENSSL_thread_stop_ex(ctx);
        OPENSSL_CTX_free(ctx);
    }
    return ret;
}

static int encrypt_decrypt(const EVP_CIPHER *cipher, const unsigned char *msg,
                           size_t len)
{
    int ret = 0, ctlen, ptlen;
    EVP_CIPHER_CTX *ctx = NULL;
    unsigned char key[128 / 8];
    unsigned char ct[64], pt[64];

    memset(key, 0, sizeof(key));
    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
            || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 1))
            || !TEST_true(EVP_CipherUpdate(ctx, ct, &ctlen, msg, len))
            || !TEST_true(EVP_CipherFinal_ex(ctx, ct, &ctlen))
            || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 0))
            || !TEST_true(EVP_CipherUpdate(ctx, pt, &ptlen, ct, ctlen))
            || !TEST_true(EVP_CipherFinal_ex(ctx, pt, &ptlen))
            || !TEST_mem_eq(pt, ptlen, msg, len))
        goto err;

    ret = 1;
err:
    EVP_CIPHER_CTX_free(ctx);
    return ret;
}

/*
 * Test EVP_CIPHER_fetch()
 */
static int test_EVP_CIPHER_fetch(void)
{
    OPENSSL_CTX *ctx = NULL;
    EVP_CIPHER *cipher = NULL;
    OSSL_PROVIDER *prov[2] = {NULL, NULL};
    int ret = 0;
    const unsigned char testmsg[] = "Hello world";

    if (use_default_ctx == 0 && !load_providers(&ctx, prov))
        goto err;

    /* Implicit fetching of the cipher should produce the expected result */
    if (!TEST_true(encrypt_decrypt(EVP_aes_128_cbc(), testmsg, sizeof(testmsg))))
        goto err;

    /* Fetch the cipher from a provider using properties. */
    cipher = EVP_CIPHER_fetch(ctx, "AES-128-CBC", fetch_property);
    if (expected_fetch_result != 0) {
        if (!TEST_ptr(cipher)
            || !TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg)))) {
            if (!TEST_true(EVP_CIPHER_up_ref(cipher)))
                goto err;
            /* Ref count should now be 2. Release first one here */
            EVP_CIPHER_meth_free(cipher);
        }
    } else {
        if (!TEST_ptr_null(cipher))
            goto err;
    }
    ret = 1;
err:
    EVP_CIPHER_meth_free(cipher);
    OSSL_PROVIDER_unload(prov[0]);
    OSSL_PROVIDER_unload(prov[1]);
    OPENSSL_CTX_free(ctx);
    return ret;
}

int setup_tests(void)
{
    OPTION_CHOICE o;

    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_CONFIG_FILE:
            config_file = opt_arg();
            break;
        case OPT_ALG_FETCH_TYPE:
            alg = opt_arg();
            break;
        case OPT_FETCH_PROPERTY:
            fetch_property = opt_arg();
            break;
        case OPT_FETCH_FAILURE:
            expected_fetch_result = 0;
            break;
        case OPT_USE_DEFAULTCTX:
            use_default_ctx = 1;
            break;
        case OPT_TEST_CASES:
           break;
        default:
        case OPT_ERR:
            return 0;
        }
    }
    if (strcmp(alg, "digest") == 0)
        ADD_TEST(test_EVP_MD_fetch);
    else
        ADD_TEST(test_EVP_CIPHER_fetch);
    return 1;
}
Commit	Line	Data
7bb82f92	1	/*
33388b44	2	* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
7bb82f92 SL	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
85d843c8 P	10	/*
	11	* SHA256 low level APIs are deprecated for public use, but still ok for
	12	* internal use. Note, that due to symbols not being exported, only the
	13	* #defines can be accessed. In this case SHA256_CBLOCK.
	14	*/
	15	#include "internal/deprecated.h"
	16
7bb82f92 SL	17	#include <string.h>
	18	#include <openssl/sha.h>
	19	#include <openssl/evp.h>
	20	#include <openssl/provider.h>
	21	#include "testutil.h"
	22
22e27978	23	static char *config_file = NULL;
7bb82f92 SL	24	static char *alg = "digest";
	25	static int use_default_ctx = 0;
	26	static char *fetch_property = NULL;
	27	static int expected_fetch_result = 1;
	28
	29	typedef enum OPTION_choice {
	30	OPT_ERR = -1,
	31	OPT_EOF = 0,
	32	OPT_ALG_FETCH_TYPE,
	33	OPT_FETCH_PROPERTY,
	34	OPT_FETCH_FAILURE,
	35	OPT_USE_DEFAULTCTX,
22e27978	36	OPT_CONFIG_FILE,
7bb82f92 SL	37	OPT_TEST_ENUM
	38	} OPTION_CHOICE;
	39
	40	const OPTIONS *test_get_options(void)
	41	{
	42	static const OPTIONS test_options[] = {
	43	OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[provname...]\n"),
22e27978	44	{ "config", OPT_CONFIG_FILE, '<', "The configuration file to use for the libctx" },
7bb82f92	45	{ "type", OPT_ALG_FETCH_TYPE, 's', "The fetch type to test" },
745fc918	46	{ "property", OPT_FETCH_PROPERTY, 's', "The fetch property e.g. provider=fips" },
7bb82f92 SL	47	{ "fetchfail", OPT_FETCH_FAILURE, '-', "fetch is expected to fail" },
	48	{ "defaultctx", OPT_USE_DEFAULTCTX, '-',
	49	"Use the default context if this is set" },
	50	{ OPT_HELP_STR, 1, '-',
	51	"file\tProvider names to explicitly load\n" },
	52	{ NULL }
	53	};
	54	return test_options;
	55	}
	56
	57	static int calculate_digest(const EVP_MD md, const char msg, size_t len,
	58	const unsigned char *exptd)
	59	{
	60	unsigned char out[SHA256_DIGEST_LENGTH];
	61	EVP_MD_CTX *ctx;
	62	int ret = 0;
	63
	64	if (!TEST_ptr(ctx = EVP_MD_CTX_new())
	65	\|\| !TEST_true(EVP_DigestInit_ex(ctx, md, NULL))
	66	\|\| !TEST_true(EVP_DigestUpdate(ctx, msg, len))
	67	\|\| !TEST_true(EVP_DigestFinal_ex(ctx, out, NULL))
	68	\|\| !TEST_mem_eq(out, SHA256_DIGEST_LENGTH, exptd,
	69	SHA256_DIGEST_LENGTH)
	70	\|\| !TEST_true(md == EVP_MD_CTX_md(ctx)))
	71	goto err;
	72
	73	ret = 1;
	74	err:
	75	EVP_MD_CTX_free(ctx);
	76	return ret;
	77	}
	78
	79	static int load_providers(OPENSSL_CTX *libctx, OSSL_PROVIDER prov[])
	80	{
22e27978	81	OPENSSL_CTX *ctx = NULL;
7bb82f92 SL	82	int ret = 0;
	83	size_t i;
	84
	85	ctx = OPENSSL_CTX_new();
	86	if (!TEST_ptr(ctx))
	87	goto err;
	88
22e27978 SL	89	if (!TEST_true(OPENSSL_CTX_load_config(ctx, config_file)))
22e27978 SL	90	goto err;
7bb82f92 SL	91	if (test_get_argument_count() > 2)
	92	goto err;
	93
	94	for (i = 0; i < test_get_argument_count(); ++i) {
	95	char *provname = test_get_argument(i);
	96	prov[i] = OSSL_PROVIDER_load(ctx, provname);
	97	if (!TEST_ptr(prov[i]))
	98	goto err;
	99	}
22e27978	100
7bb82f92 SL	101	ret = 1;
	102	*libctx = ctx;
	103	err:
22e27978 SL	104	if (ret == 0)
22e27978 SL	105	OPENSSL_CTX_free(ctx);
7bb82f92 SL	106	return ret;
	107	}
	108
	109	/*
	110	* Test EVP_MD_fetch()
	111	*/
	112	static int test_EVP_MD_fetch(void)
	113	{
	114	OPENSSL_CTX *ctx = NULL;
	115	EVP_MD *md = NULL;
	116	OSSL_PROVIDER *prov[2] = {NULL, NULL};
	117	int ret = 0;
	118	const char testmsg[] = "Hello world";
	119	const unsigned char exptd[] = {
	120	0x27, 0x51, 0x8b, 0xa9, 0x68, 0x30, 0x11, 0xf6, 0xb3, 0x96, 0x07, 0x2c,
	121	0x05, 0xf6, 0x65, 0x6d, 0x04, 0xf5, 0xfb, 0xc3, 0x78, 0x7c, 0xf9, 0x24,
	122	0x90, 0xec, 0x60, 0x6e, 0x50, 0x92, 0xe3, 0x26
	123	};
	124
	125	if (use_default_ctx == 0 && !load_providers(&ctx, prov))
	126	goto err;
	127
	128	/* Implicit fetching of the MD should produce the expected result */
	129	if (!TEST_true(calculate_digest(EVP_sha256(), testmsg, sizeof(testmsg),
	130	exptd))
	131	\|\| !TEST_int_eq(EVP_MD_size(EVP_sha256()), SHA256_DIGEST_LENGTH)
	132	\|\| !TEST_int_eq(EVP_MD_block_size(EVP_sha256()), SHA256_CBLOCK))
	133	goto err;
	134
	135	/* Fetch the digest from a provider using properties. */
	136	md = EVP_MD_fetch(ctx, "SHA256", fetch_property);
	137	if (expected_fetch_result != 0) {
	138	if (!TEST_ptr(md)
	139	\|\| !TEST_int_eq(EVP_MD_nid(md), NID_sha256)
	140	\|\| !TEST_true(calculate_digest(md, testmsg, sizeof(testmsg), exptd))
	141	\|\| !TEST_int_eq(EVP_MD_size(md), SHA256_DIGEST_LENGTH)
	142	\|\| !TEST_int_eq(EVP_MD_block_size(md), SHA256_CBLOCK))
	143	goto err;
	144
	145	/* Also test EVP_MD_up_ref() while we're doing this */
	146	if (!TEST_true(EVP_MD_up_ref(md)))
	147	goto err;
	148	/* Ref count should now be 2. Release first one here */
	149	EVP_MD_meth_free(md);
	150	} else {
	151	if (!TEST_ptr_null(md))
	152	goto err;
	153	}
	154	ret = 1;
	155
	156	err:
	157	EVP_MD_meth_free(md);
	158	OSSL_PROVIDER_unload(prov[0]);
	159	OSSL_PROVIDER_unload(prov[1]);
	160	/* Not normally needed, but we would like to test that
	161	* OPENSSL_thread_stop_ex() behaves as expected.
	162	*/
	163	if (ctx != NULL) {
	164	OPENSSL_thread_stop_ex(ctx);
	165	OPENSSL_CTX_free(ctx);
	166	}
	167	return ret;
	168	}
	169
170	static int encrypt_decrypt(const EVP_CIPHER cipher, const unsigned char msg,
171	size_t len)
172	{
173	int ret = 0, ctlen, ptlen;
174	EVP_CIPHER_CTX *ctx = NULL;
175	unsigned char key[128 / 8];
176	unsigned char ct[64], pt[64];
177
178	memset(key, 0, sizeof(key));
179	if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
180	\|\| !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 1))
181	\|\| !TEST_true(EVP_CipherUpdate(ctx, ct, &ctlen, msg, len))
182	\|\| !TEST_true(EVP_CipherFinal_ex(ctx, ct, &ctlen))
183	\|\| !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, 0))
184	\|\| !TEST_true(EVP_CipherUpdate(ctx, pt, &ptlen, ct, ctlen))
185	\|\| !TEST_true(EVP_CipherFinal_ex(ctx, pt, &ptlen))
186	\|\| !TEST_mem_eq(pt, ptlen, msg, len))
187	goto err;
188
189	ret = 1;
190	err:
191	EVP_CIPHER_CTX_free(ctx);
192	return ret;
193	}
194
195	/*
196	* Test EVP_CIPHER_fetch()
197	*/
198	static int test_EVP_CIPHER_fetch(void)
199	{
200	OPENSSL_CTX *ctx = NULL;
201	EVP_CIPHER *cipher = NULL;
202	OSSL_PROVIDER *prov[2] = {NULL, NULL};
203	int ret = 0;
204	const unsigned char testmsg[] = "Hello world";
205
206	if (use_default_ctx == 0 && !load_providers(&ctx, prov))
207	goto err;
208
209	/* Implicit fetching of the cipher should produce the expected result */
210	if (!TEST_true(encrypt_decrypt(EVP_aes_128_cbc(), testmsg, sizeof(testmsg))))
211	goto err;
212
213	/* Fetch the cipher from a provider using properties. */
214	cipher = EVP_CIPHER_fetch(ctx, "AES-128-CBC", fetch_property);
215	if (expected_fetch_result != 0) {
216	if (!TEST_ptr(cipher)
217	\|\| !TEST_true(encrypt_decrypt(cipher, testmsg, sizeof(testmsg)))) {
218	if (!TEST_true(EVP_CIPHER_up_ref(cipher)))
219	goto err;
220	/* Ref count should now be 2. Release first one here */
221	EVP_CIPHER_meth_free(cipher);
222	}
223	} else {
224	if (!TEST_ptr_null(cipher))
225	goto err;
226	}
227	ret = 1;
228	err:
229	EVP_CIPHER_meth_free(cipher);
230	OSSL_PROVIDER_unload(prov[0]);
231	OSSL_PROVIDER_unload(prov[1]);
232	OPENSSL_CTX_free(ctx);
233	return ret;
234	}
235
236	int setup_tests(void)
237	{
238	OPTION_CHOICE o;
239
240	while ((o = opt_next()) != OPT_EOF) {
241	switch (o) {
22e27978 SL	242	case OPT_CONFIG_FILE:
	243	config_file = opt_arg();
	244	break;
7bb82f92 SL	245	case OPT_ALG_FETCH_TYPE:
	246	alg = opt_arg();
	247	break;
	248	case OPT_FETCH_PROPERTY:
	249	fetch_property = opt_arg();
	250	break;
	251	case OPT_FETCH_FAILURE:
	252	expected_fetch_result = 0;
	253	break;
	254	case OPT_USE_DEFAULTCTX:
	255	use_default_ctx = 1;
	256	break;
	257	case OPT_TEST_CASES:
	258	break;
	259	default:
	260	case OPT_ERR:
	261	return 0;
	262	}
	263	}
	264	if (strcmp(alg, "digest") == 0)
	265	ADD_TEST(test_EVP_MD_fetch);
	266	else
	267	ADD_TEST(test_EVP_CIPHER_fetch);
	268	return 1;
	269	}