EVP_PKEY support for evp_test

#include <stdlib.h>

#include <ctype.h>

#include <openssl/evp.h>

#include <openssl/pem.h>

#include <openssl/err.h>

#include <openssl/x509v3.h>

/* Structure holding test information */

struct evp_test {

    /* file being read */

    FILE *in;

    /* List of public and private keys */

    struct key_list *private;

    struct key_list *public;

    /* method for this test */

    const struct evp_test_method *meth;

    /* current line being processed */

    /* test specific data */

    void *data;

};

struct key_list {

    char *name;

    EVP_PKEY *key;

    struct key_list *next;

};

/* Test method structure */

struct evp_test_method {

    /* Name of test as it appears in file */

static const struct evp_test_method digest_test_method, cipher_test_method;

static const struct evp_test_method aead_test_method, mac_test_method;

static const struct evp_test_method psign_test_method, pverify_test_method;

static const struct evp_test_method pdecrypt_test_method;

static const struct evp_test_method pverify_recover_test_method;

static const struct evp_test_method *evp_test_list[] = {

    &digest_test_method,

    &cipher_test_method,

    &mac_test_method,

    &psign_test_method,

    &pverify_test_method,

    &pdecrypt_test_method,

    &pverify_recover_test_method,

    NULL

};

    return 1;

}

static EVP_PKEY *find_key(const char *name, struct key_list *lst)

{

    for (; lst; lst = lst->next) {

        if (!strcmp(lst->name, name))

            return lst->key;

    }

    return NULL;

}

static void free_key_list(struct key_list *lst)

{

    for (; lst; lst = lst->next) {

        EVP_PKEY_free(lst->key);

        OPENSSL_free(lst->name);

    }

}

static int process_test(struct evp_test *t, char *buf, int verbose)

{

    char *keyword, *value;

    int rv = 0;

    long save_pos;

    struct key_list **lst, *key;

    EVP_PKEY *pk = NULL;

    const struct evp_test_method *tmeth;

    if (verbose)

        fputs(buf, stdout);

    if (!parse_line(&keyword, &value, buf))

        return 1;

    if (!strcmp(keyword, "PrivateKey")) {

        save_pos = ftell(t->in);

        pk = PEM_read_PrivateKey(t->in, NULL, 0, NULL);

        if (pk == NULL) {

            fprintf(stderr, "Error reading private key %s\n", value);

            ERR_print_errors_fp(stderr);

            return 0;

        }

        lst = &t->private;

    }

    if (!strcmp(keyword, "PublicKey")) {

        save_pos = ftell(t->in);

        pk = PEM_read_PUBKEY(t->in, NULL, 0, NULL);

        if (pk == NULL) {

            fprintf(stderr, "Error reading public key %s\n", value);

            ERR_print_errors_fp(stderr);

            return 0;

        }

        lst = &t->public;

    }

    /* If we have a key add to list */

    if (pk) {

        char tmpbuf[80];

        if (find_key(value, *lst)) {

            fprintf(stderr, "Duplicate key %s\n", value);

            return 0;

        }

        key = OPENSSL_malloc(sizeof(struct key_list));

        if (!key)

            return 0;

        key->name = BUF_strdup(value);

        key->key = pk;

        key->next = *lst;

        *lst = key;

        /* Rewind input, read to end and update line numbers */

        fseek(t->in, save_pos, SEEK_SET);

        while (fgets(tmpbuf, sizeof(tmpbuf), t->in)) {

            t->line++;

            if (!strncmp(tmpbuf, "-----END", 8))

                return 1;

        }

        fprintf(stderr, "Can't find key end\n");

        return 0;

    }

    /* See if keyword corresponds to a test start */

    tmeth = evp_find_test(keyword);

    if (tmeth) {

    ERR_load_crypto_strings();

    OpenSSL_add_all_algorithms();

    t.meth = NULL;

    t.public = NULL;

    t.private = NULL;

    t.err = NULL;

    t.line = 0;

    t.start_line = -1;

    t.out_got = NULL;

    t.out_len = 0;

    in = fopen(argv[1], "r");

    t.in = in;

    while (fgets(buf, sizeof(buf), in)) {

        t.line++;

        if (!process_test(&t, buf, 0))

        exit(1);

    fprintf(stderr, "%d tests completed with %d errors\n",

            t.ntests, t.errors);

    free_key_list(t.public);

    free_key_list(t.private);

    fclose(in);

    if (t.errors)

        return 1;

    mac_test_parse,

    mac_test_run

};

/*

 * Public key operations. These are all very similar and can share

 * a lot of common code.

 */

struct pkey_data {

    /* Context for this operation */

    EVP_PKEY_CTX *ctx;

    /* Key operation to perform */

    int (*keyop) (EVP_PKEY_CTX *ctx,

                  unsigned char *sig, size_t *siglen,

                  const unsigned char *tbs, size_t tbslen);

    /* Input to MAC */

    unsigned char *input;

    size_t input_len;

    /* Expected output */

    unsigned char *output;

    size_t output_len;

};

/*

 * Perform public key operation setup: lookup key, allocated ctx and call

 * the appropriate initialisation function

 */

static int pkey_test_init(struct evp_test *t, const char *name,

                          int use_public,

                          int (*keyopinit) (EVP_PKEY_CTX *ctx),

                          int (*keyop) (EVP_PKEY_CTX *ctx,

                                        unsigned char *sig, size_t *siglen,

                                        const unsigned char *tbs,

                                        size_t tbslen)

    )

{

    struct pkey_data *kdata;

    EVP_PKEY *pkey = NULL;

    kdata = OPENSSL_malloc(sizeof(struct pkey_data));

    if (!kdata)

        return 0;

    kdata->ctx = NULL;

    kdata->input = NULL;

    kdata->output = NULL;

    kdata->keyop = keyop;

    t->data = kdata;

    if (use_public)

        pkey = find_key(name, t->public);

    if (!pkey)

        pkey = find_key(name, t->private);

    if (!pkey)

        return 0;

    kdata->ctx = EVP_PKEY_CTX_new(pkey, NULL);

    if (!kdata->ctx)

        return 0;

    if (keyopinit(kdata->ctx) <= 0)

        return 0;

    return 1;

}

static void pkey_test_cleanup(struct evp_test *t)

{

    struct pkey_data *kdata = t->data;

    if (kdata->input)

        OPENSSL_free(kdata->input);

    if (kdata->output)

        OPENSSL_free(kdata->output);

    if (kdata->ctx)

        EVP_PKEY_CTX_free(kdata->ctx);

}

static int pkey_test_parse(struct evp_test *t,

                           const char *keyword, const char *value)

{

    struct pkey_data *kdata = t->data;

    if (!strcmp(keyword, "Input"))

        return test_bin(value, &kdata->input, &kdata->input_len);

    if (!strcmp(keyword, "Output"))

        return test_bin(value, &kdata->output, &kdata->output_len);

    if (!strcmp(keyword, "Ctrl")) {

        char *p = strchr(value, ':');

        if (p)

            *p++ = 0;

        if (EVP_PKEY_CTX_ctrl_str(kdata->ctx, value, p) <= 0)

            return 0;

        return 1;

    }

    return 0;

}

static int pkey_test_run(struct evp_test *t)

{

    struct pkey_data *kdata = t->data;

    unsigned char *out = NULL;

    size_t out_len;

    const char *err = "KEYOP_LENGTH_ERROR";

    if (kdata->keyop(kdata->ctx, NULL, &out_len, kdata->input,

                     kdata->input_len) <= 0)

        goto err;

    out = OPENSSL_malloc(out_len);

    if (!out) {

        fprintf(stderr, "Error allocating output buffer!\n");

        exit(1);

    }

    err = "KEYOP_ERROR";

    if (kdata->keyop

        (kdata->ctx, out, &out_len, kdata->input, kdata->input_len) <= 0)

        goto err;

    err = "KEYOP_LENGTH_MISMATCH";

    if (out_len != kdata->output_len)

        goto err;

    err = "KEYOP_MISMATCH";

    if (check_output(t, kdata->output, out, out_len))

        goto err;

    err = NULL;

 err:

    if (out)

        OPENSSL_free(out);

    t->err = err;

    return 1;

}

static int sign_test_init(struct evp_test *t, const char *name)

{

    return pkey_test_init(t, name, 0, EVP_PKEY_sign_init, EVP_PKEY_sign);

}

static const struct evp_test_method psign_test_method = {

    "Sign",

    sign_test_init,

    pkey_test_cleanup,

    pkey_test_parse,

    pkey_test_run

};

static int verify_recover_test_init(struct evp_test *t, const char *name)

{

    return pkey_test_init(t, name, 1, EVP_PKEY_verify_recover_init,

                          EVP_PKEY_verify_recover);

}

static const struct evp_test_method pverify_recover_test_method = {

    "VerifyRecover",

    verify_recover_test_init,

    pkey_test_cleanup,

    pkey_test_parse,

    pkey_test_run

};

static int decrypt_test_init(struct evp_test *t, const char *name)

{

    return pkey_test_init(t, name, 0, EVP_PKEY_decrypt_init,

                          EVP_PKEY_decrypt);

}

static const struct evp_test_method pdecrypt_test_method = {

    "Decrypt",

    decrypt_test_init,

    pkey_test_cleanup,

    pkey_test_parse,

    pkey_test_run

};

static int verify_test_init(struct evp_test *t, const char *name)

{

    return pkey_test_init(t, name, 1, EVP_PKEY_verify_init, 0);

}

static int verify_test_run(struct evp_test *t)

{

    struct pkey_data *kdata = t->data;

    if (EVP_PKEY_verify(kdata->ctx, kdata->output, kdata->output_len,

                        kdata->input, kdata->input_len) <= 0)

        t->err = "VERIFY_ERROR";

    return 1;

}

static const struct evp_test_method pverify_test_method = {

    "Verify",

    verify_test_init,

    pkey_test_cleanup,

    pkey_test_parse,

    verify_test_run

};