Skip to content

Commit

Permalink
Add Test to verify open_ex password checking works
Browse files Browse the repository at this point in the history
Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from openssl#20131)
  • Loading branch information
simo5 authored and beldmit committed Sep 19, 2023
1 parent 96e6780 commit 6412900
Show file tree
Hide file tree
Showing 3 changed files with 113 additions and 1 deletion.
46 changes: 45 additions & 1 deletion test/fake_rsaprov.c
Original file line number Diff line number Diff line change
Expand Up @@ -525,6 +525,7 @@ static const OSSL_ALGORITHM fake_rsa_sig_algs[] = {
};

static OSSL_FUNC_store_open_fn fake_rsa_st_open;
static OSSL_FUNC_store_open_ex_fn fake_rsa_st_open_ex;
static OSSL_FUNC_store_settable_ctx_params_fn fake_rsa_st_settable_ctx_params;
static OSSL_FUNC_store_set_ctx_params_fn fake_rsa_st_set_ctx_params;
static OSSL_FUNC_store_load_fn fake_rsa_st_load;
Expand All @@ -533,19 +534,61 @@ static OSSL_FUNC_store_close_fn fake_rsa_st_close;
static OSSL_FUNC_store_delete_fn fake_rsa_st_delete;

static const char fake_rsa_scheme[] = "fake_rsa:";
static const char fake_rsa_openpwtest[] = "fake_rsa:openpwtest";
static const char fake_rsa_prompt[] = "Fake Prompt Info";

static void *fake_rsa_st_open(void *provctx, const char *uri)
static void *fake_rsa_st_open_ex(void *provctx, const char *uri,
const OSSL_PARAM params[],
OSSL_PASSPHRASE_CALLBACK *pw_cb,
void *pw_cbarg)
{
unsigned char *storectx = NULL;

/* First check whether the uri is ours */
if (strncmp(uri, fake_rsa_scheme, sizeof(fake_rsa_scheme) - 1) != 0)
return NULL;

if (strncmp(uri, fake_rsa_openpwtest,
sizeof(fake_rsa_openpwtest) - 1) == 0) {
const char *pw_check = FAKE_PASSPHRASE;
char fakepw[sizeof(FAKE_PASSPHRASE) + 1] = { 0 };
size_t fakepw_len = 0;
OSSL_PARAM pw_params[2] = {
OSSL_PARAM_utf8_string(OSSL_PASSPHRASE_PARAM_INFO,
(void *)fake_rsa_prompt,
sizeof(fake_rsa_prompt) - 1),
OSSL_PARAM_END,
};

if (pw_cb == NULL) {
return NULL;
}

if (!pw_cb(fakepw, sizeof(fakepw), &fakepw_len, pw_params, pw_cbarg)) {
TEST_info("fake_rsa_open_ex failed passphrase callback");
return NULL;
}
if (strncmp(pw_check, fakepw, sizeof(pw_check) - 1) != 0) {
TEST_info("fake_rsa_open_ex failed passphrase check");
return NULL;
}
}

storectx = OPENSSL_zalloc(1);
if (!TEST_ptr(storectx))
return NULL;

TEST_info("fake_rsa_open_ex called");

return storectx;
}

static void *fake_rsa_st_open(void *provctx, const char *uri)
{
unsigned char *storectx = NULL;

storectx = fake_rsa_st_open_ex(provctx, uri, NULL, NULL, NULL);

TEST_info("fake_rsa_open called");

return storectx;
Expand Down Expand Up @@ -643,6 +686,7 @@ static int fake_rsa_st_close(void *loaderctx)

static const OSSL_DISPATCH fake_rsa_store_funcs[] = {
{ OSSL_FUNC_STORE_OPEN, (void (*)(void))fake_rsa_st_open },
{ OSSL_FUNC_STORE_OPEN_EX, (void (*)(void))fake_rsa_st_open_ex },
{ OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS,
(void (*)(void))fake_rsa_st_settable_ctx_params },
{ OSSL_FUNC_STORE_SET_CTX_PARAMS, (void (*)(void))fake_rsa_st_set_ctx_params },
Expand Down
2 changes: 2 additions & 0 deletions test/fake_rsaprov.h
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@

#include <openssl/core_dispatch.h>

#define FAKE_PASSPHRASE "Passphrase Testing"

/* Fake RSA provider implementation */
OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx);
void fake_rsa_finish(OSSL_PROVIDER *p);
Expand Down
66 changes: 66 additions & 0 deletions test/provider_pkey_test.c
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
#include <openssl/core_names.h>
#include <openssl/evp.h>
#include <openssl/store.h>
#include <openssl/ui.h>
#include "testutil.h"
#include "fake_rsaprov.h"

Expand Down Expand Up @@ -359,6 +360,70 @@ static int test_pkey_delete(void)
return ret;
}

static int fake_pw_read_string(UI *ui, UI_STRING *uis)
{
const char *passphrase = FAKE_PASSPHRASE;

if (UI_get_string_type(uis) == UIT_PROMPT) {
UI_set_result(ui, uis, passphrase);
return 1;
}

return 0;
}

static int test_pkey_store_open_ex(void)
{
OSSL_PROVIDER *deflt = NULL;
OSSL_PROVIDER *fake_rsa = NULL;
int ret = 0;
EVP_PKEY *pkey = NULL;
OSSL_STORE_LOADER *loader = NULL;
OSSL_STORE_CTX *ctx = NULL;
const char *propq = "?provider=fake-rsa";
UI_METHOD *ui_method = NULL;

/* It's important to load the default provider first for this test */
if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default")))
goto end;

if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
goto end;

if (!TEST_ptr(loader = OSSL_STORE_LOADER_fetch(libctx, "fake_rsa",
propq)))
goto end;

OSSL_STORE_LOADER_free(loader);

if (!TEST_ptr(ui_method= UI_create_method("PW Callbacks")))
goto end;

if (UI_method_set_reader(ui_method, fake_pw_read_string))
goto end;

if (!TEST_ptr(ctx = OSSL_STORE_open_ex("fake_rsa:openpwtest", libctx, propq,
ui_method, NULL, NULL, NULL, NULL)))
goto end;

/* retry w/o ui_method to ensure we actually enter pw checks and fail */
OSSL_STORE_close(ctx);
if (!TEST_ptr_null(ctx = OSSL_STORE_open_ex("fake_rsa:openpwtest", libctx,
propq, NULL, NULL, NULL, NULL,
NULL)))
goto end;

ret = 1;

end:
UI_destroy_method(ui_method);
fake_rsa_finish(fake_rsa);
OSSL_PROVIDER_unload(deflt);
OSSL_STORE_close(ctx);
EVP_PKEY_free(pkey);
return ret;
}

int setup_tests(void)
{
libctx = OSSL_LIB_CTX_new();
Expand All @@ -370,6 +435,7 @@ int setup_tests(void)
ADD_TEST(test_pkey_eq);
ADD_ALL_TESTS(test_pkey_store, 2);
ADD_TEST(test_pkey_delete);
ADD_TEST(test_pkey_store_open_ex);

return 1;
}
Expand Down

0 comments on commit 6412900

Please sign in to comment.