mirror of https://github.com/wolfSSL/wolfssl.git
Merge pull request #1307 from JacobBarthelmeh/Testing
fix check key pair match with ECC
pull/1314/head
commit
2cdcd560a2
32
tests/api.c
32
tests/api.c
|
@ -13613,7 +13613,7 @@ static void test_wolfSSL_ASN1_TIME_print()
|
||||||
static void test_wolfSSL_private_keys(void)
|
static void test_wolfSSL_private_keys(void)
|
||||||
{
|
{
|
||||||
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
|
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
|
||||||
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
|
!defined(NO_FILESYSTEM)
|
||||||
WOLFSSL* ssl;
|
WOLFSSL* ssl;
|
||||||
WOLFSSL_CTX* ctx;
|
WOLFSSL_CTX* ctx;
|
||||||
EVP_PKEY* pkey = NULL;
|
EVP_PKEY* pkey = NULL;
|
||||||
|
@ -13623,6 +13623,7 @@ static void test_wolfSSL_private_keys(void)
|
||||||
OpenSSL_add_all_digests();
|
OpenSSL_add_all_digests();
|
||||||
OpenSSL_add_all_algorithms();
|
OpenSSL_add_all_algorithms();
|
||||||
|
|
||||||
|
#ifndef NO_RSA
|
||||||
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
|
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
|
||||||
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
|
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
|
||||||
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
|
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
|
||||||
|
@ -13662,12 +13663,41 @@ static void test_wolfSSL_private_keys(void)
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
SSL_free(ssl); /* frees x509 also since loaded into ssl */
|
SSL_free(ssl); /* frees x509 also since loaded into ssl */
|
||||||
SSL_CTX_free(ctx);
|
SSL_CTX_free(ctx);
|
||||||
|
#endif /* end of RSA private key match tests */
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef HAVE_ECC
|
||||||
|
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
|
||||||
|
AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
|
||||||
|
WOLFSSL_FILETYPE_PEM));
|
||||||
|
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
|
||||||
|
WOLFSSL_FILETYPE_PEM));
|
||||||
|
AssertNotNull(ssl = SSL_new(ctx));
|
||||||
|
|
||||||
|
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
|
||||||
|
SSL_free(ssl);
|
||||||
|
|
||||||
|
|
||||||
|
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile,
|
||||||
|
WOLFSSL_FILETYPE_PEM));
|
||||||
|
AssertNotNull(ssl = SSL_new(ctx));
|
||||||
|
|
||||||
|
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
|
||||||
|
|
||||||
|
SSL_free(ssl);
|
||||||
|
SSL_CTX_free(ctx);
|
||||||
|
#endif /* end of ECC private key match tests */
|
||||||
|
|
||||||
|
|
||||||
/* test existence of no-op macros in wolfssl/openssl/ssl.h */
|
/* test existence of no-op macros in wolfssl/openssl/ssl.h */
|
||||||
CONF_modules_free();
|
CONF_modules_free();
|
||||||
ENGINE_cleanup();
|
ENGINE_cleanup();
|
||||||
CONF_modules_unload();
|
CONF_modules_unload();
|
||||||
|
|
||||||
|
(void)ssl;
|
||||||
|
(void)ctx;
|
||||||
|
(void)pkey;
|
||||||
|
|
||||||
printf(resultFmt, passed);
|
printf(resultFmt, passed);
|
||||||
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
|
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
|
||||||
}
|
}
|
||||||
|
|
|
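Review bot: The negative check at `AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS)` only covers a wrong key that is presumably on the same curve as the certificate in eccCertFile, because it just swaps eccKeyFile for cliEccKeyFile in the same ctx; a private key on a different curve than the certificate's public key must also be rejected and is not exercised here. A short comment above that assertion would make the intent explicit, e.g. `/* cliEccKeyFile does not match eccCertFile: the pair check must fail */`. With the outer guard relaxed to drop `!defined(NO_RSA)`, a build with NO_RSA and without HAVE_ECC now prints `passed` after exercising nothing but the no-op macros; consider `#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))` so the test is compiled out rather than reported as passing. The lines of test_wolfSSL_private_keys between the three hunks are not shown here.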
@ -1803,24 +1803,39 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
|
||||||
|
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
if (der->keyOID == ECDSAk) {
|
if (der->keyOID == ECDSAk) {
|
||||||
word32 keyIdx = 0;
|
|
||||||
ecc_key key_pair;
|
ecc_key key_pair;
|
||||||
|
byte privDer[MAX_ECC_BYTES];
|
||||||
|
word32 privSz = MAX_ECC_BYTES;
|
||||||
|
word32 keyIdx = 0;
|
||||||
|
|
||||||
if ((ret = wc_ecc_init(&key_pair)) < 0)
|
if ((ret = wc_ecc_init(&key_pair)) < 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
if ((ret = wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair,
|
if ((ret = wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair,
|
||||||
keySz)) == 0) {
|
keySz)) == 0) {
|
||||||
WOLFSSL_MSG("Checking ECC key pair");
|
WOLFSSL_MSG("Checking ECC key pair");
|
||||||
keyIdx = 0;
|
|
||||||
if ((ret = wc_ecc_import_x963(der->publicKey, der->pubKeySize,
|
if ((ret = wc_ecc_export_private_only(&key_pair, privDer, &privSz))
|
||||||
&key_pair)) == 0) {
|
== 0) {
|
||||||
/* public and private extracted successfuly no check if is
|
wc_ecc_free(&key_pair);
|
||||||
|
ret = wc_ecc_init(&key_pair);
|
||||||
|
if (ret == 0) {
|
||||||
|
ret = wc_ecc_import_private_key((const byte*)privDer,
|
||||||
|
privSz, (const byte*)der->publicKey,
|
||||||
|
der->pubKeySize, &key_pair);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* public and private extracted successfuly now check if is
|
||||||
* a pair and also do sanity checks on key. wc_ecc_check_key
|
* a pair and also do sanity checks on key. wc_ecc_check_key
|
||||||
* checks that private * base generator equals pubkey */
|
* checks that private * base generator equals pubkey */
|
||||||
if ((ret = wc_ecc_check_key(&key_pair)) == 0)
|
if (ret == 0) {
|
||||||
|
if ((ret = wc_ecc_check_key(&key_pair)) == 0) {
|
||||||
ret = 1;
|
ret = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
ForceZero(privDer, privSz);
|
||||||
|
}
|
||||||
|
}
|
||||||
wc_ecc_free(&key_pair);
|
wc_ecc_free(&key_pair);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|