diff options
author | David Makepeace <david.p.makepeace@oracle.com> | 2019-06-03 14:58:54 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2019-07-12 06:26:46 +1000 |
commit | 54846b7c6ef5718f507def9d192628133f97fe20 (patch) | |
tree | 4d6810f0dda7442ec72619737c0724322e024ace /test | |
parent | 35e264c03232c7843733caa80f8e16bef7e2e829 (diff) |
Add simple ASN.1 utils for DSA signature DER.
Adds simple utility functions to allow both the default and fips providers to
encode and decode DSA-Sig-Value and ECDSA-Sig-Value (DSA_SIG and ECDSA_SIG
structures) to/from ASN.1 DER without requiring those providers to have a
dependency on the asn1 module.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9111)
Diffstat (limited to 'test')
-rw-r--r-- | test/asn1_dsa_internal_test.c | 184 | ||||
-rw-r--r-- | test/build.info | 7 | ||||
-rw-r--r-- | test/recipes/03-test_internal_asn1_dsa.t | 16 |
3 files changed, 206 insertions, 1 deletions
diff --git a/test/asn1_dsa_internal_test.c b/test/asn1_dsa_internal_test.c new file mode 100644 index 0000000000..a62f5e4cd4 --- /dev/null +++ b/test/asn1_dsa_internal_test.c @@ -0,0 +1,184 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include <string.h> + +#include <openssl/bn.h> +#include "internal/asn1_dsa.h" +#include "testutil.h" + +static unsigned char t_dsa_sig[] = { + 0x30, 0x06, /* SEQUENCE tag + length */ + 0x02, 0x01, 0x01, /* INTEGER tag + length + content */ + 0x02, 0x01, 0x02 /* INTEGER tag + length + content */ +}; + +static unsigned char t_dsa_sig_extra[] = { + 0x30, 0x06, /* SEQUENCE tag + length */ + 0x02, 0x01, 0x01, /* INTEGER tag + length + content */ + 0x02, 0x01, 0x02, /* INTEGER tag + length + content */ + 0x05, 0x00 /* NULL tag + length */ +}; + +static unsigned char t_dsa_sig_msb[] = { + 0x30, 0x08, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length + content */ + 0x02, 0x02, 0x00, 0x82 /* INTEGER tag + length + content */ +}; + +static unsigned char t_dsa_sig_two[] = { + 0x30, 0x08, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x01, 0x00, /* INTEGER tag + length + content */ + 0x02, 0x02, 0x02, 0x00 /* INTEGER tag + length + content */ +}; + +/* + * Badly coded ASN.1 INTEGER zero wrapped in a sequence along with another + * (valid) INTEGER. + */ +static unsigned char t_invalid_int_zero[] = { + 0x30, 0x05, /* SEQUENCE tag + length */ + 0x02, 0x00, /* INTEGER tag + length */ + 0x02, 0x01, 0x2a /* INTEGER tag + length */ +}; + +/* + * Badly coded ASN.1 INTEGER (with leading zeros) wrapped in a sequence along + * with another (valid) INTEGER. + */ +static unsigned char t_invalid_int[] = { + 0x30, 0x07, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x7f, /* INTEGER tag + length */ + 0x02, 0x01, 0x2a /* INTEGER tag + length */ +}; + +/* + * Negative ASN.1 INTEGER wrapped in a sequence along with another + * (valid) INTEGER. + */ +static unsigned char t_neg_int[] = { + 0x30, 0x06, /* SEQUENCE tag + length */ + 0x02, 0x01, 0xaa, /* INTEGER tag + length */ + 0x02, 0x01, 0x2a /* INTEGER tag + length */ +}; + +static unsigned char t_trunc_der[] = { + 0x30, 0x08, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length */ + 0x02, 0x02, 0x00 /* INTEGER tag + length */ +}; + +static unsigned char t_trunc_seq[] = { + 0x30, 0x07, /* SEQUENCE tag + length */ + 0x02, 0x02, 0x00, 0x81, /* INTEGER tag + length */ + 0x02, 0x02, 0x00, 0x82 /* INTEGER tag + length */ +}; + +static int test_decode(void) +{ + int rv = 0; + BIGNUM *r; + BIGNUM *s; + const unsigned char *pder; + + r = BN_new(); + s = BN_new(); + + /* Positive tests */ + pder = t_dsa_sig; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig)) == 0 + || !TEST_ptr_eq(pder, (t_dsa_sig + sizeof(t_dsa_sig))) + || !TEST_BN_eq_word(r, 1) || !TEST_BN_eq_word(s, 2)) { + TEST_info("asn1_dsa test_decode: t_dsa_sig failed"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_dsa_sig_extra; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig_extra)) == 0 + || !TEST_ptr_eq(pder, + (t_dsa_sig_extra + sizeof(t_dsa_sig_extra) - 2)) + || !TEST_BN_eq_word(r, 1) || !TEST_BN_eq_word(s, 2)) { + TEST_info("asn1_dsa test_decode: t_dsa_sig_extra failed"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_dsa_sig_msb; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig_msb)) == 0 + || !TEST_ptr_eq(pder, (t_dsa_sig_msb + sizeof(t_dsa_sig_msb))) + || !TEST_BN_eq_word(r, 0x81) || !TEST_BN_eq_word(s, 0x82)) { + TEST_info("asn1_dsa test_decode: t_dsa_sig_msb failed"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_dsa_sig_two; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_dsa_sig_two)) == 0 + || !TEST_ptr_eq(pder, (t_dsa_sig_two + sizeof(t_dsa_sig_two))) + || !TEST_BN_eq_word(r, 0x100) || !TEST_BN_eq_word(s, 0x200)) { + TEST_info("asn1_dsa test_decode: t_dsa_sig_two failed"); + goto fail; + } + + /* Negative tests */ + pder = t_invalid_int_zero; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_invalid_int_zero)) != 0) { + TEST_info("asn1_dsa test_decode: Expected t_invalid_int_zero to fail"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_invalid_int; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_invalid_int)) != 0) { + TEST_info("asn1_dsa test_decode: Expected t_invalid_int to fail"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_neg_int; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_neg_int)) != 0) { + TEST_info("asn1_dsa test_decode: Expected t_neg_int to fail"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_trunc_der; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_trunc_der)) != 0) { + TEST_info("asn1_dsa test_decode: Expected fail t_trunc_der"); + goto fail; + } + + BN_clear(r); + BN_clear(s); + pder = t_trunc_seq; + if (decode_der_dsa_sig(r, s, &pder, sizeof(t_trunc_seq)) != 0) { + TEST_info("asn1_dsa test_decode: Expected fail t_trunc_seq"); + goto fail; + } + + rv = 1; +fail: + BN_free(r); + BN_free(s); + return rv; +} + +int setup_tests(void) +{ + ADD_TEST(test_decode); + return 1; +} diff --git a/test/build.info b/test/build.info index f5b802da4d..a61c0ce2be 100644 --- a/test/build.info +++ b/test/build.info @@ -469,7 +469,8 @@ IF[{- !$disabled{tests} -}] PROGRAMS{noinst}=asn1_internal_test modes_internal_test x509_internal_test \ tls13encryptiontest wpackettest ctype_internal_test \ rdrand_sanitytest property_test \ - rsa_sp800_56b_test bn_internal_test + rsa_sp800_56b_test bn_internal_test \ + asn1_dsa_internal_test IF[{- !$disabled{poly1305} -}] PROGRAMS{noinst}=poly1305_internal_test @@ -561,6 +562,10 @@ IF[{- !$disabled{tests} -}] SOURCE[bn_internal_test]=bn_internal_test.c INCLUDE[bn_internal_test]=.. ../include ../crypto/include ../crypto/bn ../apps/include DEPEND[bn_internal_test]=../libcrypto.a libtestutil.a + + SOURCE[asn1_dsa_internal_test]=asn1_dsa_internal_test.c + INCLUDE[asn1_dsa_internal_test]=.. ../include ../apps/include ../crypto/include + DEPEND[asn1_dsa_internal_test]=../libcrypto.a libtestutil.a ENDIF IF[{- !$disabled{mdc2} -}] diff --git a/test/recipes/03-test_internal_asn1_dsa.t b/test/recipes/03-test_internal_asn1_dsa.t new file mode 100644 index 0000000000..ecacac73cb --- /dev/null +++ b/test/recipes/03-test_internal_asn1_dsa.t @@ -0,0 +1,16 @@ +#! /usr/bin/env perl +# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; # get 'plan' +use OpenSSL::Test::Simple; +use OpenSSL::Test::Utils; + +setup("test_internal_asn1_dsa"); + +simple_test("test_internal_asn1_dsa", "asn1_dsa_internal_test"); |