From ae89578be2930c726d6ef56451233757a89f224f Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Thu, 23 Jul 2020 17:40:40 +1000 Subject: Test RSA oaep in fips mode Added RSA oaep test that uses the pkeyutl application. Added an openssl application option to support loading a (fips) provider via the '-config' option. Added openssl application related environment variable 'OPENSSL_TEST_LIBCTX' (for testing purposes only), that creates a non default library context. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11948) --- apps/include/apps.h | 4 + apps/include/opt.h | 3 + apps/lib/app_provider.c | 21 ++-- apps/lib/apps.c | 46 +++++++- apps/openssl.c | 17 ++- apps/pkeyutl.c | 30 +++++- doc/man1/openssl-pkeyutl.pod.in | 3 + doc/man1/openssl.pod | 20 ++-- doc/perlvars.pm | 8 ++ test/recipes/15-test_rsaoaep.t | 155 +++++++++++++++++++++++++++ test/recipes/15-test_rsaoaep_data/plain_text | 1 + 11 files changed, 282 insertions(+), 26 deletions(-) create mode 100644 test/recipes/15-test_rsaoaep.t create mode 100644 test/recipes/15-test_rsaoaep_data/plain_text diff --git a/apps/include/apps.h b/apps/include/apps.h index 87d1b47150..9a76dcd339 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -65,6 +65,7 @@ CONF *app_load_config_bio(BIO *in, const char *filename); CONF *app_load_config(const char *filename); CONF *app_load_config_quiet(const char *filename); int app_load_modules(const CONF *config); +CONF *app_load_config_modules(const char *configfile); void unbuffer(FILE *fp); void wait_for_async(SSL *s); # if defined(OPENSSL_SYS_MSDOS) @@ -290,9 +291,12 @@ typedef struct verify_options_st { extern VERIFY_CB_ARGS verify_args; +OPENSSL_CTX *app_create_libctx(void); +OPENSSL_CTX *app_get0_libctx(void); OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts, const OSSL_PARAM *paramdefs); void app_params_free(OSSL_PARAM *params); +int app_provider_load(OPENSSL_CTX *libctx, const char *provider_name); void app_providers_cleanup(void); #endif diff --git a/apps/include/opt.h b/apps/include/opt.h index 5afbad1bbe..ad629c0199 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -273,6 +273,9 @@ OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, \ OPT_PROV__LAST +# define OPT_CONFIG_OPTION \ + { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" } + # define OPT_PROV_OPTIONS \ OPT_SECTION("Provider"), \ { "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \ diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c index ca24328a2e..60645e21d7 100644 --- a/apps/lib/app_provider.c +++ b/apps/lib/app_provider.c @@ -8,6 +8,7 @@ */ #include "apps.h" +#include #include #include #include @@ -21,14 +22,19 @@ enum prov_range { OPT_PROV_ENUM }; static STACK_OF(OSSL_PROVIDER) *app_providers = NULL; -static int opt_provider_load(const char *provider) +static void provider_free(OSSL_PROVIDER *prov) +{ + OSSL_PROVIDER_unload(prov); +} + +int app_provider_load(OPENSSL_CTX *libctx, const char *provider_name) { OSSL_PROVIDER *prov; - prov = OSSL_PROVIDER_load(NULL, provider); + prov = OSSL_PROVIDER_load(libctx, provider_name); if (prov == NULL) { opt_printf_stderr("%s: unable to load provider %s\n", - opt_getprog(), provider); + opt_getprog(), provider_name); return 0; } if (app_providers == NULL) @@ -41,11 +47,6 @@ static int opt_provider_load(const char *provider) return 1; } -static void provider_free(OSSL_PROVIDER *prov) -{ - OSSL_PROVIDER_unload(prov); -} - void app_providers_cleanup(void) { sk_OSSL_PROVIDER_pop_free(app_providers, provider_free); @@ -56,7 +57,7 @@ static int opt_provider_path(const char *path) { if (path != NULL && *path == '\0') path = NULL; - return OSSL_PROVIDER_set_default_search_path(NULL, path); + return OSSL_PROVIDER_set_default_search_path(app_get0_libctx(), path); } int opt_provider(int opt) @@ -66,7 +67,7 @@ int opt_provider(int opt) case OPT_PROV__LAST: return 1; case OPT_PROV_PROVIDER: - return opt_provider_load(opt_arg()); + return app_provider_load(app_get0_libctx(), opt_arg()); case OPT_PROV_PROVIDER_PATH: return opt_provider_path(opt_arg()); } diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 777e4fed35..ba40e9bc7e 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -78,6 +78,8 @@ typedef struct { unsigned long mask; } NAME_EX_TBL; +static OPENSSL_CTX *app_libctx = NULL; + static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); static int set_multi_opts(unsigned long *flags, const char *arg, @@ -335,13 +337,37 @@ static char *app_get_pass(const char *arg, int keepbio) return OPENSSL_strdup(tpass); } +OPENSSL_CTX *app_get0_libctx(void) +{ + return app_libctx; +} + +OPENSSL_CTX *app_create_libctx(void) +{ + /* + * Load the NULL provider into the default library context and create a + * library context which will then be used for any OPT_PROV options. + */ + if (app_libctx == NULL) { + + if (!app_provider_load(NULL, "null")) { + BIO_puts(bio_err, "Failed to create null provider\n"); + return NULL; + } + app_libctx = OPENSSL_CTX_new(); + } + if (app_libctx == NULL) + BIO_puts(bio_err, "Failed to create library context\n"); + return app_libctx; +} + CONF *app_load_config_bio(BIO *in, const char *filename) { long errorline = -1; CONF *conf; int i; - conf = NCONF_new(NULL); + conf = NCONF_new_with_libctx(app_libctx, NULL); i = NCONF_load_bio(conf, in, &errorline); if (i > 0) return conf; @@ -357,6 +383,7 @@ CONF *app_load_config_bio(BIO *in, const char *filename) else BIO_printf(bio_err, "config input"); + CONF_modules_load(conf, NULL, 0); NCONF_free(conf); return NULL; } @@ -434,6 +461,23 @@ int add_oid_section(CONF *conf) return 1; } +CONF *app_load_config_modules(const char *configfile) +{ + CONF *conf = NULL; + + if (configfile != NULL) { + BIO_printf(bio_err, "Using configuration from %s\n", configfile); + + if ((conf = app_load_config(configfile)) == NULL) + return NULL; + if (configfile != default_config_file && !app_load_modules(conf)) { + NCONF_free(conf); + conf = NULL; + } + } + return conf; +} + X509 *load_cert_pass(const char *uri, int maybe_stdin, const char *pass, const char *desc) { diff --git a/apps/openssl.c b/apps/openssl.c index a1b4443e4b..6b2c2b9c6b 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -58,6 +58,7 @@ static void warn_deprecated(const FUNCTION *fp) static int apps_startup(void) { + const char *use_libctx = NULL; #ifdef SIGPIPE signal(SIGPIPE, SIG_IGN); #endif @@ -69,11 +70,26 @@ static int apps_startup(void) setup_ui_method(); + /* + * NOTE: This is an undocumented feature required for testing only. + * There are no guarantees that it will exist in future builds. + */ + use_libctx = getenv("OPENSSL_TEST_LIBCTX"); + if (use_libctx != NULL) { + /* Set this to "1" to create a global libctx */ + if (strcmp(use_libctx, "1") == 0) { + if (app_create_libctx() == NULL) + return 0; + } + } + return 1; } static void apps_shutdown(void) { + app_providers_cleanup(); + OPENSSL_CTX_free(app_get0_libctx()); destroy_ui_method(); } @@ -273,7 +289,6 @@ int main(int argc, char *argv[]) : do_cmd(prog, 1, help_argv); end: - app_providers_cleanup(); OPENSSL_free(default_config_file); lh_FUNCTION_free(prog); OPENSSL_free(arg.argv); diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 231547e291..4de2a56590 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -25,7 +25,8 @@ DEFINE_STACK_OF_STRING() static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, const char *keyfile, int keyform, int key_type, char *passinarg, int pkey_op, ENGINE *e, - const int impl, int rawin, EVP_PKEY **ppkey); + const int impl, int rawin, EVP_PKEY **ppkey, + OPENSSL_CTX *libctx, const char *propq); static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, ENGINE *e); @@ -47,6 +48,7 @@ typedef enum OPTION_choice { OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN, OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF, OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM, + OPT_CONFIG, OPT_RAWIN, OPT_DIGEST } OPTION_CHOICE; @@ -63,6 +65,7 @@ const OPTIONS pkeyutl_options[] = { {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"}, {"derive", OPT_DERIVE, '-', "Derive shared secret"}, + OPT_CONFIG_OPTION, OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input file - default stdin"}, @@ -100,6 +103,7 @@ const OPTIONS pkeyutl_options[] = { int pkeyutl_main(int argc, char **argv) { + CONF *conf = NULL; BIO *in = NULL, *out = NULL; ENGINE *e = NULL; EVP_PKEY_CTX *ctx = NULL; @@ -122,6 +126,8 @@ int pkeyutl_main(int argc, char **argv) int rawin = 0; const EVP_MD *md = NULL; int filesize = -1; + OPENSSL_CTX *libctx = app_get0_libctx(); + const char *propq = NULL; prog = opt_init(argc, argv, pkeyutl_options); while ((o = opt_next()) != OPT_EOF) { @@ -168,6 +174,11 @@ int pkeyutl_main(int argc, char **argv) if (!opt_rand(o)) goto end; break; + case OPT_CONFIG: + conf = app_load_config_modules(opt_arg()); + if (conf == NULL) + goto end; + break; case OPT_PROV_CASES: if (!opt_provider(o)) goto end; @@ -281,7 +292,8 @@ int pkeyutl_main(int argc, char **argv) goto opthelp; } ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, - passinarg, pkey_op, e, engine_impl, rawin, &pkey); + passinarg, pkey_op, e, engine_impl, rawin, &pkey, + libctx, propq); if (ctx == NULL) { BIO_printf(bio_err, "%s: Error initializing context\n", prog); ERR_print_errors(bio_err); @@ -484,6 +496,7 @@ int pkeyutl_main(int argc, char **argv) OPENSSL_free(sig); sk_OPENSSL_STRING_free(pkeyopts); sk_OPENSSL_STRING_free(pkeyopts_passin); + NCONF_free(conf); return ret; } @@ -491,7 +504,8 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, const char *keyfile, int keyform, int key_type, char *passinarg, int pkey_op, ENGINE *e, const int engine_impl, int rawin, - EVP_PKEY **ppkey) + EVP_PKEY **ppkey, + OPENSSL_CTX *libctx, const char *propq) { EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; @@ -547,13 +561,19 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, goto end; } } - ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); + if (impl != NULL) + ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); + else + ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, propq); } else { if (pkey == NULL) goto end; *pkeysize = EVP_PKEY_size(pkey); - ctx = EVP_PKEY_CTX_new(pkey, impl); + if (impl != NULL) + ctx = EVP_PKEY_CTX_new(pkey, impl); + else + ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); if (ppkey != NULL) *ppkey = pkey; EVP_PKEY_free(pkey); diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 378cfccad6..c68ba3a934 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -38,6 +38,7 @@ B B [B<-engine_impl>] {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} +{- $OpenSSL::safe::opt_config_synopsis -} =for openssl ifdef engine engine_impl @@ -193,6 +194,8 @@ engine I for crypto operations. {- $OpenSSL::safe::opt_provider_item -} +{- $OpenSSL::safe::opt_config_item -} + =back =head1 NOTES diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 791bc52341..384dfb2e72 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -52,15 +52,6 @@ I and I. Detailed documentation and use cases for most standard subcommands are available (e.g., L). -Many commands use an external configuration file for some or all of their -arguments and have a B<-config> option to specify that file. -The default name of the file is F in the default certificate -storage area, which can be determined from the L -command. -The environment variable B can be used to specify -a different location of the file. -See L. - The list options B<-standard-commands>, B<-digest-commands>, and B<-cipher-commands> output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, @@ -86,6 +77,17 @@ availability of ciphers in the B program. (BI is not able to detect pseudo-commands such as B, B, or BI itself.) +=head2 Configuration Option + +Many commands use an external configuration file for some or all of their +arguments and have a B<-config> option to specify that file. +The default name of the file is F in the default certificate +storage area, which can be determined from the L +command. This can be used to load modules. +The environment variable B can be used to specify +a different location of the file. +See L. + =head2 Standard Commands =over 4 diff --git a/doc/perlvars.pm b/doc/perlvars.pm index 98c348859f..978c206e25 100644 --- a/doc/perlvars.pm +++ b/doc/perlvars.pm @@ -101,6 +101,14 @@ $OpenSSL::safe::opt_provider_item = "" . "\n" . "See L."; +# Configuration option +$OpenSSL::safe::opt_config_synopsis = "" +. "[B<-config> I]\n"; +$OpenSSL::safe::opt_config_item = "" +. "=item B<-config> I\n" +. "\n" +. "See L."; + # Engine option $OpenSSL::safe::opt_engine_synopsis = ""; $OpenSSL::safe::opt_engine_item = ""; diff --git a/test/recipes/15-test_rsaoaep.t b/test/recipes/15-test_rsaoaep.t new file mode 100644 index 0000000000..1b6fcb8e65 --- /dev/null +++ b/test/recipes/15-test_rsaoaep.t @@ -0,0 +1,155 @@ +#! /usr/bin/env perl +# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file); +use OpenSSL::Test::Utils; +use File::Compare qw/compare_text/; + +BEGIN { + setup("test_rsaoaep"); +} +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); + +plan tests => + ($no_fips ? 0 : 1) # FIPS install test + + 9; + +my @prov = ( ); +my $provconf = srctop_file("test", "fips.cnf"); +my $provpath = bldtop_dir("providers"); +my $msg_file = data_file("plain_text"); +my $enc1_file = "enc1.bin"; +my $enc2_file = "enc2.bin"; +my $enc3_file = "enc3.bin"; +my $dec1_file = "dec1.txt"; +my $dec2_file = "dec2.txt"; +my $dec3_file = "dec3.txt"; +my $key_file = srctop_file("test", "testrsa.pem"); + +unless ($no_fips) { + @prov = ( "-provider_path", $provpath, "-config", $provconf ); + my $infile = bldtop_file('providers', platform->dso('fips')); + + ok(run(app(['openssl', 'fipsinstall', + '-out', bldtop_file('providers', 'fipsmodule.cnf'), + '-module', $infile])), + "fipsinstall"); + $ENV{OPENSSL_TEST_LIBCTX} = "1"; +} + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-encrypt', + '-in', $msg_file, + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha1', + '-out', $enc1_file])), + "RSA OAEP Encryption"); + +ok(!run(app(['openssl', 'pkeyutl', + @prov, + '-encrypt', + '-in', $key_file, + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha256', + '-pkeyopt', 'mgf1-digest:sha1'])), + "RSA OAEP Encryption should fail if the message is larger than the rsa modulus"); + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-decrypt', + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha1', + '-in', $enc1_file, + '-out', $dec1_file])) + && compare_text($dec1_file, $msg_file) == 0, + "RSA OAEP Decryption"); + +ok(!run(app(['openssl', 'pkeyutl', + @prov, + '-decrypt', + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha256', + '-pkeyopt', 'mgf1-digest:sha224', + '-in', $enc1_file])), + "Incorrect digest for RSA OAEP Decryption"); + +ok(!run(app(['openssl', 'pkeyutl', + @prov, + '-decrypt', + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha224', + '-in', $enc1_file])), + "Incorrect mgf1-digest for RSA OAEP Decryption"); + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-encrypt', + '-in', $msg_file, + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha1', + '-out', $enc2_file])) + && compare_text($enc2_file, $enc1_file) != 0, + "RSA OAEP Encryption should generate different encrypted data"); + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-decrypt', + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-in', $enc2_file, + '-out', $dec2_file])) + && compare_text($dec2_file, $msg_file) == 0, + "RSA OAEP Decryption with default digests"); + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-encrypt', + '-in', $msg_file, + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-out', $enc3_file])), + "RSA OAEP Encryption with default digests"); + +ok(run(app(['openssl', 'pkeyutl', + @prov, + '-decrypt', + '-inkey', $key_file, + '-pkeyopt', 'pad-mode:oaep', + '-pkeyopt', 'oaep-label:123', + '-pkeyopt', 'digest:sha1', + '-pkeyopt', 'mgf1-digest:sha1', + '-in', $enc3_file, + '-out', $dec3_file])) + && compare_text($dec3_file, $msg_file) == 0, + "RSA OAEP Decryption with explicit default digests"); diff --git a/test/recipes/15-test_rsaoaep_data/plain_text b/test/recipes/15-test_rsaoaep_data/plain_text new file mode 100644 index 0000000000..802992c422 --- /dev/null +++ b/test/recipes/15-test_rsaoaep_data/plain_text @@ -0,0 +1 @@ +Hello world -- cgit v1.2.3