OpenVPN
test_provider.c
Go to the documentation of this file.
1/*
2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
6 * packet compression.
7 *
8 * Copyright (C) 2021-2025 Selva Nair <selva.nair@gmail.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by the
12 * Free Software Foundation, either version 2 of the License,
13 * or (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, see <https://www.gnu.org/licenses/>.
22 */
23
24#ifdef HAVE_CONFIG_H
25#include "config.h"
26#endif
27
28#include "syshead.h"
29#include "manage.h"
30#include "integer.h"
31#include "xkey_common.h"
32
33#ifdef HAVE_XKEY_PROVIDER
34
35#include <setjmp.h>
36#include <cmocka.h>
37#include <openssl/bio.h>
38#include <openssl/pem.h>
39#include <openssl/core_names.h>
40#include <openssl/evp.h>
41
42#include "test_common.h"
43
44struct management *management; /* global */
45static int mgmt_callback_called;
46
47#ifndef _countof
48#define _countof(x) sizeof((x)) / sizeof(*(x))
49#endif
50
51static OSSL_PROVIDER *prov[2];
52
53/* public keys for testing -- RSA and EC */
54static const char pubkey1[] = "-----BEGIN PUBLIC KEY-----\n"
55 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GWP6RLCGlvmVioIqYI6\n"
56 "LUR4owA7sJ/nJxBAk+/xzD6gqgSigBsTqeb+gdZwkKjY1N4w2DUA0r5i8Eja/BWN\n"
57 "xMZtC5nxK4MACtMqIwvlzfk130NhFXKtlZj2cyFBXqDdRyeg1ZrUQagcHVcgcReP\n"
58 "9yiePgfO7NUOQk8edEeOR53SFCgnLBQQ9dGWtZN0hO/5BN6NSm/fd6vq0VjTRP5a\n"
59 "BAH/BnqX9/3jV0jh8N9AE59mI1rjVVQ9VDnuAPkS8dLfdC661/CNxt0YWByTIgt1\n"
60 "+qjW4LUvLbnU/rlPhuJ1SBZg+z/JtDBCKfs7syu5WYFqRvNFg7/91Rr/NwxvW/1h\n"
61 "8QIDAQAB\n"
62 "-----END PUBLIC KEY-----\n";
63
64static const char pubkey2[] = "-----BEGIN PUBLIC KEY-----\n"
65 "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEO85iXW+HgnUkwlj1DohNVw0GsnGIh1gZ\n"
66 "u95ff1JiUaJIkYNIkZA+hwIPFVH5aJcSCv3SPIeDS2VUAESNKHZJBQ==\n"
67 "-----END PUBLIC KEY-----\n";
68
69static const char pubkey3[] = "-----BEGIN PUBLIC KEY-----\n"
70 "MCowBQYDK2VwAyEA+q5xjF5hGyyqYZidJdz/0saEQabL3N4wIZJBxNGbgJE=\n"
71 "-----END PUBLIC KEY-----";
72
73static const char *pubkeys[] = { pubkey1, pubkey2, pubkey3 };
74
75static const char *prov_name = "ovpn.xkey";
76
77static const char *test_msg = "Lorem ipsum dolor sit amet, consectetur "
78 "adipisici elit, sed eiusmod tempor incidunt "
79 "ut labore et dolore magna aliqua.";
80
81static const char *test_msg_b64 =
82 "TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaS"
83 "BlbGl0LCBzZWQgZWl1c21vZCB0ZW1wb3IgaW5jaWR1bnQgdXQgbGFib3JlIGV0IGRv"
84 "bG9yZSBtYWduYSBhbGlxdWEu";
85
86/* Sha256 digest of test_msg excluding NUL terminator */
87static const uint8_t test_digest[] = { 0x77, 0x38, 0x65, 0x00, 0x1e, 0x96, 0x48, 0xc6,
88 0x57, 0x0b, 0xae, 0xc0, 0xb7, 0x96, 0xf9, 0x66,
89 0x4d, 0x5f, 0xd0, 0xb7, 0xdb, 0xf3, 0x3a, 0xbf,
90 0x02, 0xcc, 0x78, 0x61, 0x83, 0x20, 0x20, 0xee };
91
92static const char *test_digest_b64 = "dzhlAB6WSMZXC67At5b5Zk1f0Lfb8zq/Asx4YYMgIO4=";
93
94/* Dummy signature used only to check that the expected callback
95 * was successfully exercised. Keep this shorter than 64 bytes
96 * --- the smallest size of the actual signature with the above
97 * keys.
98 */
99static const uint8_t good_sig[] = { 0xd8, 0xa7, 0xd9, 0x81, 0xd8, 0xaa, 0xd8, 0xad,
100 0x20, 0xd9, 0x8a, 0xd8, 0xa7, 0x20, 0xd8, 0xb3,
101 0xd9, 0x85, 0xd8, 0xb3, 0xd9, 0x85, 0x0 };
102
103static const char *good_sig_b64 = "2KfZgdiq2K0g2YrYpyDYs9mF2LPZhQA=";
104
105static EVP_PKEY *
106load_pubkey(const char *pem)
107{
108 BIO *in = BIO_new_mem_buf(pem, -1);
109 assert_non_null(in);
110
111 EVP_PKEY *pkey = PEM_read_bio_PUBKEY(in, NULL, NULL, NULL);
112 assert_non_null(pkey);
113
114 BIO_free(in);
115 return pkey;
116}
117
118static void
119init_test(void)
120{
121 openvpn_unit_test_setup();
122 prov[0] = OSSL_PROVIDER_load(NULL, "default");
123 OSSL_PROVIDER_add_builtin(NULL, prov_name, xkey_provider_init);
124 prov[1] = OSSL_PROVIDER_load(NULL, prov_name);
125
126 /* set default propq matching what we use in ssl_openssl.c */
127 EVP_set_default_properties(NULL, "?provider!=ovpn.xkey");
128
129#ifdef ENABLE_MANAGEMENT
130 management = test_calloc(sizeof(*management), 1);
131#endif
132}
133
134static void
135uninit_test(void)
136{
137 for (size_t i = 0; i < _countof(prov); i++)
138 {
139 if (prov[i])
140 {
141 OSSL_PROVIDER_unload(prov[i]);
142 }
143 }
144 test_free(management);
145}
146
147/* Mock management callback for signature.
148 * We check that the received data to sign matches test_msg or
149 * test_digest and return a predefined string as signature so that
150 * the caller can validate all steps up to sending the data to
151 * the management client.
152 */
153char *
154management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
155{
156 char *out = NULL;
157
158 /* indicate entry to the callback */
159 mgmt_callback_called = 1;
160
161 const char *expected_tbs = test_digest_b64;
162 if (strstr(algorithm, "data=message"))
163 {
164 expected_tbs = test_msg_b64;
165 /* ED25519 does not have a hash algorithm even though it goes via
166 * the DigestSign path (data=message) */
167 if (!strstr(algorithm, "ED25519"))
168 {
169 assert_non_null(strstr(algorithm, "hashalg=SHA256"));
170 }
171 }
172 assert_string_equal(b64_data, expected_tbs);
173
174 /* We test using ED25519, ECDSA or PSS with saltlen = digest */
175 if (!strstr(algorithm, "ECDSA") && !strstr(algorithm, "ED25519"))
176 {
177 assert_non_null(strstr(algorithm, "RSA_PKCS1_PSS_PADDING,hashalg=SHA256,saltlen=digest"));
178 }
179
180 /* Return a predefined string as sig so that the caller
181 * can confirm that this callback was exercised.
182 */
183 out = strdup(good_sig_b64);
184 assert_non_null(out);
185
186 return out;
187}
188
189/* Check signature and keymgmt methods can be fetched from the provider */
190static void
191xkey_provider_test_fetch(void **state)
192{
193 assert_true(OSSL_PROVIDER_available(NULL, prov_name));
194
195 const char *algs[] = { "RSA", "ECDSA" };
196
197 for (size_t i = 0; i < _countof(algs); i++)
198 {
199 EVP_SIGNATURE *sig = EVP_SIGNATURE_fetch(NULL, algs[i], "provider=ovpn.xkey");
200 assert_non_null(sig);
201 assert_string_equal(OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(sig)), prov_name);
202
203 EVP_SIGNATURE_free(sig);
204 }
205
206 const char *names[] = { "RSA", "EC" };
207
208 for (size_t i = 0; i < _countof(names); i++)
209 {
210 EVP_KEYMGMT *km = EVP_KEYMGMT_fetch(NULL, names[i], "provider=ovpn.xkey");
211 assert_non_null(km);
212 assert_string_equal(OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(km)), prov_name);
213
214 EVP_KEYMGMT_free(km);
215 }
216}
217
218/* sign a test message using pkey -- caller must free the returned sig */
219static uint8_t *
220digest_sign(EVP_PKEY *pkey)
221{
222 uint8_t *sig = NULL;
223 size_t siglen = 0;
224
225 OSSL_PARAM params[6] = { OSSL_PARAM_END };
226
227 const char *mdname = "SHA256";
228 const char *padmode = "pss";
229 const char *saltlen = "digest";
230
231 if (EVP_PKEY_get_id(pkey) == EVP_PKEY_RSA)
232 {
233 params[0] =
234 OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, (char *)mdname, 0);
235 params[1] =
236 OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, (char *)padmode, 0);
237 params[2] =
238 OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, (char *)saltlen, 0);
239 /* same digest for mgf1 */
240 params[3] =
241 OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, (char *)saltlen, 0);
242 params[4] = OSSL_PARAM_construct_end();
243 }
244 else if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED25519)
245 {
246 mdname = NULL;
247 params[0] = OSSL_PARAM_construct_end();
248 }
249
250
251 EVP_PKEY_CTX *pctx = NULL;
252 EVP_MD_CTX *mctx = EVP_MD_CTX_new();
253
254 if (!mctx || EVP_DigestSignInit_ex(mctx, &pctx, mdname, NULL, NULL, pkey, params) <= 0)
255 {
256 fail_msg("Failed to initialize EVP_DigestSignInit_ex()");
257 goto done;
258 }
259
260 /* sign with sig = NULL to get required siglen */
261 assert_int_equal(EVP_DigestSign(mctx, sig, &siglen, (uint8_t *)test_msg, strlen(test_msg)), 1);
262 assert_true(siglen > 0);
263
264 if ((sig = test_calloc(1, siglen)) == NULL)
265 {
266 fail_msg("Out of memory");
267 }
268 assert_int_equal(EVP_DigestSign(mctx, sig, &siglen, (uint8_t *)test_msg, strlen(test_msg)), 1);
269
270done:
271 if (mctx)
272 {
273 EVP_MD_CTX_free(mctx); /* pctx is internally allocated and freed by mctx */
274 }
275 return sig;
276}
277
278#ifdef ENABLE_MANAGEMENT
279/* Check loading of management external key and have sign callback exercised
280 * for RSA and EC keys with and without digest support in management client.
281 * Sha256 digest used for both cases with pss padding for RSA.
282 */
283static void
284xkey_provider_test_mgmt_sign_cb(void **state)
285{
286 EVP_PKEY *pubkey;
287 for (size_t i = 0; i < _countof(pubkeys); i++)
288 {
289 pubkey = load_pubkey(pubkeys[i]);
290 assert_true(pubkey != NULL);
291 EVP_PKEY *privkey = xkey_load_management_key(NULL, pubkey);
292 assert_true(privkey != NULL);
293
294 management->settings.flags = MF_EXTERNAL_KEY | MF_EXTERNAL_KEY_PSSPAD;
295
296 /* first without digest support in management client */
297again:
298 mgmt_callback_called = 0;
299 uint8_t *sig = digest_sign(privkey);
300 assert_non_null(sig);
301
302 /* check callback for signature got exercised */
303 assert_int_equal(mgmt_callback_called, 1);
304 assert_memory_equal(sig, good_sig, sizeof(good_sig));
305 test_free(sig);
306
307 if (!(management->settings.flags & MF_EXTERNAL_KEY_DIGEST))
308 {
309 management->settings.flags |= MF_EXTERNAL_KEY_DIGEST;
310 goto again; /* this time with digest support announced */
311 }
312
313 EVP_PKEY_free(pubkey);
314 EVP_PKEY_free(privkey);
315 }
316}
317#endif /* ifdef ENABLE_MANAGEMENT */
318
319/* helpers for testing generic key load and sign */
320static int xkey_free_called;
321static int xkey_sign_called;
322static void
323xkey_free(void *handle)
324{
325 xkey_free_called = 1;
326 /* We use a dummy string as handle -- check its value */
327 assert_string_equal(handle, "xkey_handle");
328}
329
330static int
331xkey_sign(void *handle, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen,
332 XKEY_SIGALG s)
333{
334 if (!sig)
335 {
336 *siglen = 256; /* some arbitrary size */
337 return 1;
338 }
339
340 xkey_sign_called = 1; /* called with non-null sig */
341
342 if (!strcmp(s.op, "DigestSign"))
343 {
344 assert_memory_equal(tbs, test_msg, strlen(test_msg));
345 }
346 else
347 {
348 assert_memory_equal(tbs, test_digest, sizeof(test_digest));
349 }
350
351 /* For the test use sha256 and PSS padding for RSA and none for EDDSA */
352 if (!strcmp(s.keytype, "ED25519"))
353 {
354 assert_string_equal(s.mdname, "none");
355 }
356 else
357 {
358 assert_int_equal(OBJ_sn2nid(s.mdname), NID_sha256);
359 }
360 if (!strcmp(s.keytype, "RSA"))
361 {
362 assert_string_equal(s.padmode, "pss"); /* we use PSS for the test */
363 }
364 else if (strcmp(s.keytype, "EC") && strcmp(s.keytype, "ED25519"))
365 {
366 fail_msg("Unknown keytype: %s", s.keytype);
367 }
368
369 /* return a predefined string as sig */
370 memcpy(sig, good_sig, min_size(sizeof(good_sig), *siglen));
371
372 return 1;
373}
374
375/* Load a key as a generic key and check its sign op gets
376 * called for signature.
377 */
378static void
379xkey_provider_test_generic_sign_cb(void **state)
380{
381 EVP_PKEY *pubkey;
382 const char *dummy = "xkey_handle"; /* a dummy handle for the external key */
383
384 for (size_t i = 0; i < _countof(pubkeys); i++)
385 {
386 pubkey = load_pubkey(pubkeys[i]);
387 assert_true(pubkey != NULL);
388
389 EVP_PKEY *privkey =
390 xkey_load_generic_key(NULL, (void *)dummy, pubkey, xkey_sign, xkey_free);
391 assert_true(privkey != NULL);
392
393 xkey_sign_called = 0;
394 xkey_free_called = 0;
395 uint8_t *sig = digest_sign(privkey);
396 assert_non_null(sig);
397
398 /* check callback for signature got exercised */
399 assert_int_equal(xkey_sign_called, 1);
400 assert_memory_equal(sig, good_sig, sizeof(good_sig));
401 test_free(sig);
402
403 EVP_PKEY_free(pubkey);
404 EVP_PKEY_free(privkey);
405
406 /* check key's free-op got called */
407 assert_int_equal(xkey_free_called, 1);
408 }
409}
410
411int
412main(void)
413{
414 init_test();
415
416 const struct CMUnitTest tests[] = {
417 cmocka_unit_test(xkey_provider_test_fetch),
418#ifdef ENABLE_MANAGEMENT
419 cmocka_unit_test(xkey_provider_test_mgmt_sign_cb),
420#endif
421 cmocka_unit_test(xkey_provider_test_generic_sign_cb),
422 };
423
424 int ret = cmocka_run_group_tests_name("xkey provider tests", tests, NULL, NULL);
425
426 uninit_test();
427 return ret;
428}
429#else /* ifdef HAVE_XKEY_PROVIDER */
430int
431main(void)
432{
433 return 0;
434}
435#endif /* HAVE_XKEY_PROVIDER */
min_size
static size_t min_size(size_t x, size_t y)
Definition integer.h:79
management_query_pk_sig
char * management_query_pk_sig(struct management *man, const char *b64_data, const char *algorithm)
Definition manage.c:3768
MF_EXTERNAL_KEY_PSSPAD
#define MF_EXTERNAL_KEY_PSSPAD
Definition manage.h:43
MF_EXTERNAL_KEY
#define MF_EXTERNAL_KEY
Definition manage.h:36
MF_EXTERNAL_KEY_DIGEST
#define MF_EXTERNAL_KEY_DIGEST
Definition manage.h:44
OSSL_PROVIDER
void OSSL_PROVIDER
Definition openssl_compat.h:128
man_settings::flags
unsigned int flags
Definition manage.h:241
management::settings
struct man_settings settings
Definition manage.h:334
test_common.h
openvpn_unit_test_setup
static void openvpn_unit_test_setup(void)
Sets up the environment for unit tests like making both stderr and stdout non-buffered to avoid messa...
Definition test_common.h:35
main
int main(void)
Definition test_provider.c:431
i
int i
Definition test_push_update_msg.c:120
xkey_common.h
Generated by doxygen 1.9.8