From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 17 Jul 2023 10:32:59 +0000 (+0200)
Subject: unit-tests: Add a test case for explicit ECDSA parameters
X-Git-Tag: 5.9.12dr2~2^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb14a2867198c65864946a38ca87eb82a680695f;p=thirdparty%2Fstrongswan.git

unit-tests: Add a test case for explicit ECDSA parameters

Currently only warns about it as older OpenSSL versions (AppVeyor)
don't reject them.
---

diff --git a/src/libstrongswan/tests/suites/test_ecdsa.c b/src/libstrongswan/tests/suites/test_ecdsa.c
index a3981ce0aa..599a64083f 100644
--- a/src/libstrongswan/tests/suites/test_ecdsa.c
+++ b/src/libstrongswan/tests/suites/test_ecdsa.c
@@ -339,6 +339,85 @@ START_TEST(test_load)
 }
 END_TEST
 
+/**
+ * ECDSA-256 key from above, converted with: openssl ec -param_enc explicit
+ */
+static chunk_t explicit_params = chunk_from_chars(
+	0x30,0x82,0x01,0x68,0x02,0x01,0x01,0x04,0x20,0x42,0xc6,0x8c,0xff,0x2b,0x8b,0x87,
+	0xa1,0xfb,0x50,0xf6,0xfe,0xd6,0x88,0xb3,0x0a,0x48,0xb2,0xc5,0x8f,0x50,0xe0,0xcf,
+	0x40,0xfa,0x57,0xd1,0xc6,0x6c,0x20,0x64,0xc5,0xa0,0x81,0xfa,0x30,0x81,0xf7,0x02,
+	0x01,0x01,0x30,0x2c,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x01,0x01,0x02,0x21,0x00,
+	0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+	0x30,0x5b,0x04,0x20,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+	0xff,0xff,0xff,0xfc,0x04,0x20,0x5a,0xc6,0x35,0xd8,0xaa,0x3a,0x93,0xe7,0xb3,0xeb,
+	0xbd,0x55,0x76,0x98,0x86,0xbc,0x65,0x1d,0x06,0xb0,0xcc,0x53,0xb0,0xf6,0x3b,0xce,
+	0x3c,0x3e,0x27,0xd2,0x60,0x4b,0x03,0x15,0x00,0xc4,0x9d,0x36,0x08,0x86,0xe7,0x04,
+	0x93,0x6a,0x66,0x78,0xe1,0x13,0x9d,0x26,0xb7,0x81,0x9f,0x7e,0x90,0x04,0x41,0x04,
+	0x6b,0x17,0xd1,0xf2,0xe1,0x2c,0x42,0x47,0xf8,0xbc,0xe6,0xe5,0x63,0xa4,0x40,0xf2,
+	0x77,0x03,0x7d,0x81,0x2d,0xeb,0x33,0xa0,0xf4,0xa1,0x39,0x45,0xd8,0x98,0xc2,0x96,
+	0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,0xeb,0x4a,0x7c,0x0f,0x9e,0x16,
+	0x2b,0xce,0x33,0x57,0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,0x51,0xf5,
+	0x02,0x21,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,
+	0xff,0xff,0xff,0xbc,0xe6,0xfa,0xad,0xa7,0x17,0x9e,0x84,0xf3,0xb9,0xca,0xc2,0xfc,
+	0x63,0x25,0x51,0x02,0x01,0x01,0xa1,0x44,0x03,0x42,0x00,0x04,0x9c,0xb2,0x52,0xcb,
+	0xc0,0x5c,0xcf,0x97,0xdd,0xd6,0xe7,0x49,0x32,0x47,0x0c,0x8e,0xdb,0x6d,0xbf,0xc8,
+	0x1a,0x0a,0x01,0xe8,0x5e,0x3f,0x8e,0x64,0x33,0xb4,0x15,0xbb,0x1b,0xa5,0xed,0xf9,
+	0x4b,0xa7,0xe8,0x5e,0x6f,0x49,0x24,0xf7,0x32,0xf4,0x9b,0x4c,0x47,0xdc,0xf1,0x28,
+	0x44,0x1c,0x37,0xdb,0xee,0xfb,0xd8,0xbd,0x4e,0x5c,0xeb,0x07);
+
+/**
+ * Public key of the above with: openssl ec -param_enc explicit -pubout
+ */
+static chunk_t explicit_params_pub = chunk_from_chars(
+	0x30,0x82,0x01,0x4b,0x30,0x82,0x01,0x03,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,
+	0x01,0x30,0x81,0xf7,0x02,0x01,0x01,0x30,0x2c,0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,
+	0x01,0x01,0x02,0x21,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x01,0x00,0x00,0x00,
+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+	0xff,0xff,0xff,0xff,0xff,0x30,0x5b,0x04,0x20,0xff,0xff,0xff,0xff,0x00,0x00,0x00,
+	0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfc,0x04,0x20,0x5a,0xc6,0x35,0xd8,0xaa,
+	0x3a,0x93,0xe7,0xb3,0xeb,0xbd,0x55,0x76,0x98,0x86,0xbc,0x65,0x1d,0x06,0xb0,0xcc,
+	0x53,0xb0,0xf6,0x3b,0xce,0x3c,0x3e,0x27,0xd2,0x60,0x4b,0x03,0x15,0x00,0xc4,0x9d,
+	0x36,0x08,0x86,0xe7,0x04,0x93,0x6a,0x66,0x78,0xe1,0x13,0x9d,0x26,0xb7,0x81,0x9f,
+	0x7e,0x90,0x04,0x41,0x04,0x6b,0x17,0xd1,0xf2,0xe1,0x2c,0x42,0x47,0xf8,0xbc,0xe6,
+	0xe5,0x63,0xa4,0x40,0xf2,0x77,0x03,0x7d,0x81,0x2d,0xeb,0x33,0xa0,0xf4,0xa1,0x39,
+	0x45,0xd8,0x98,0xc2,0x96,0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,0xeb,
+	0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,
+	0x68,0x37,0xbf,0x51,0xf5,0x02,0x21,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,
+	0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xbc,0xe6,0xfa,0xad,0xa7,0x17,0x9e,0x84,
+	0xf3,0xb9,0xca,0xc2,0xfc,0x63,0x25,0x51,0x02,0x01,0x01,0x03,0x42,0x00,0x04,0x9c,
+	0xb2,0x52,0xcb,0xc0,0x5c,0xcf,0x97,0xdd,0xd6,0xe7,0x49,0x32,0x47,0x0c,0x8e,0xdb,
+	0x6d,0xbf,0xc8,0x1a,0x0a,0x01,0xe8,0x5e,0x3f,0x8e,0x64,0x33,0xb4,0x15,0xbb,0x1b,
+	0xa5,0xed,0xf9,0x4b,0xa7,0xe8,0x5e,0x6f,0x49,0x24,0xf7,0x32,0xf4,0x9b,0x4c,0x47,
+	0xdc,0xf1,0x28,0x44,0x1c,0x37,0xdb,0xee,0xfb,0xd8,0xbd,0x4e,0x5c,0xeb,0x07);
+
+START_TEST(test_load_reject_explicit_params)
+{
+	private_key_t *privkey;
+	public_key_t *pubkey;
+
+	pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA,
+								BUILD_BLOB_ASN1_DER, explicit_params_pub,
+								BUILD_END);
+	if (pubkey)
+	{
+		pubkey->destroy(pubkey);
+		warn("ECDSA public key with explicit parameters not rejected");
+	}
+
+	privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+								 BUILD_BLOB_ASN1_DER, explicit_params,
+								 BUILD_END);
+	if (privkey)
+	{
+		privkey->destroy(privkey);
+		warn("ECDSA private key with explicit parameters not rejected");
+	}
+}
+END_TEST
+
 Suite *ecdsa_suite_create()
 {
 	Suite *s;
@@ -358,6 +437,7 @@ Suite *ecdsa_suite_create()
 
 	tc = tcase_create("load");
 	tcase_add_loop_test(tc, test_load, 0, countof(keys));
+	tcase_add_test(tc, test_load_reject_explicit_params);
 	suite_add_tcase(s, tc);
 
 	return s;