X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=test_params.c;h=f7d4b90f8fbb3989ea9b94ce4713f9e38bfb0207;hb=9aa10ba25786b585e29c3f396d74bc4b3594467b;hp=b4776628150e9fa487f7dbd4cfbc095525d3481e;hpb=d370b91c2fa5a5e81ce7a3ab710349f14dd9ed9e;p=openssl-gost%2Fengine.git

diff --git a/test_params.c b/test_params.c
index b477662..f7d4b90 100644
--- a/test_params.c
+++ b/test_params.c
@@ -882,7 +882,7 @@ static void print_test_result(int err)
 
 static int test_cert(struct test_cert *tc)
 {
-    int err = 0;
+    int ret = 0, err;
     X509 *x;
     const unsigned char *p;
 
@@ -917,15 +917,63 @@ static int test_cert(struct test_cert *tc)
     /*
      * Verify
      */
-    printf("  X509_verify API\t");
+    printf("  X509_verify API\t\t");
     fflush(stdout);
     EVP_PKEY *pk;
     TE(pk = X509_get0_pubkey(x));
     /* Similar to: openssl verify -partial_chain -check_ss_sig ... */
+    /* X509_verify uses EVP_DigestVerify internally */
     err = X509_verify(x, pk);
     print_test_result(err);
+    ret |= err != 1;
+
+    /* Verify manually. */
+    const ASN1_BIT_STRING *signature;
+    X509_get0_signature(&signature, NULL, x);
+    unsigned char *tbs = NULL; /* signed part */
+    int tbs_len;
+    T((tbs_len = i2d_re_X509_tbs(x, &tbs)) > 0);
+    int algnid, hash_nid, pknid;
+    T(algnid = X509_get_signature_nid(x));
+    T(OBJ_find_sigid_algs(algnid, &hash_nid, &pknid));
+
+    printf("  EVP_Verify API\t\t");
+    EVP_MD_CTX *md_ctx;
+    T(md_ctx = EVP_MD_CTX_new());
+    const EVP_MD *mdtype;
+    T(mdtype = EVP_get_digestbynid(hash_nid));
+    T(EVP_VerifyInit(md_ctx, mdtype));
+    T(EVP_VerifyUpdate(md_ctx, tbs, tbs_len));
+    err = EVP_VerifyFinal(md_ctx, signature->data, signature->length, pk);
+    print_test_result(err);
+    EVP_MD_CTX_free(md_ctx);
+    ret |= err != 1;
+
+    X509_free(x);
+    OPENSSL_free(tbs);
+    return ret;
+}
 
-    return err != 1;
+/* Generate EC_KEY with proper parameters using temporary PKEYs.
+ * This emulates fill_GOST_EC_params() call.
+ */
+static int EC_KEY_create(int type, int param_nid, EC_KEY *dst)
+{
+    EVP_PKEY *pkey;
+    T(pkey = EVP_PKEY_new());
+    T(EVP_PKEY_set_type(pkey, type));
+    EVP_PKEY_CTX *ctx;
+    T(ctx = EVP_PKEY_CTX_new(pkey, NULL));
+    T(EVP_PKEY_paramgen_init(ctx));
+    T(EVP_PKEY_CTX_ctrl(ctx, type, -1, EVP_PKEY_CTRL_GOST_PARAMSET, param_nid, NULL));
+    EVP_PKEY *pkey2 = NULL;
+    int err;
+    TE((err = EVP_PKEY_paramgen(ctx, &pkey2)) == 1);
+    T(EC_KEY_copy(dst, EVP_PKEY_get0(pkey2)));
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_free(pkey2);
+    return err;
 }
 
 static int test_param(struct test_param *t)
@@ -936,7 +984,6 @@ static int test_param(struct test_param *t)
     const char *sn = OBJ_nid2sn(t->param);
 
     printf(cBLUE "Test %s (cp):\n" cNORM, sn);
-    //T(pkey = EVP_PKEY_new_raw_public_key(NID_id_GostR3410_2001, NULL, t->pub_key, 64));
 
     switch (t->len) {
 	case 256 / 8:
@@ -962,7 +1009,7 @@ static int test_param(struct test_param *t)
     /* Manually construct public key */
     EC_KEY *ec;
     T(ec = EC_KEY_new());
-    T(fill_GOST_EC_params(ec, t->param));
+    T(EC_KEY_create(type, t->param, ec));
     const EC_GROUP *group;
     T(group = EC_KEY_get0_group(ec));
     unsigned char *pub_key;
@@ -992,32 +1039,53 @@ static int test_param(struct test_param *t)
     T(ctx = EVP_PKEY_CTX_new(pkey, NULL));
     unsigned char *sig;
     T(sig = OPENSSL_malloc(siglen));
-    /* Need to reverse provided signature for unknown reason */
+    /* Need to reverse provided signature for unknown reason,
+     * contrary to how it goes into signature. */
     BUF_reverse(sig, t->signature, siglen);
 
     /* Verify using EVP_PKEY_verify API */
-    printf("  EVP_PKEY_verify API\t");
+    printf("  EVP_PKEY_verify API\t\t");
     T(EVP_PKEY_verify_init(ctx));
     err = EVP_PKEY_verify(ctx, sig, siglen, t->hash, t->len);
+    EVP_PKEY_CTX_free(ctx);
     print_test_result(err);
     ret |= err != 1;
 
     /* Verify using EVP_Verify API */
     if (t->data) {
-	printf("  EVP_Verify API\t");
+	printf("  EVP_Verify API\t\t");
 	EVP_MD_CTX *md_ctx;
 	T(md_ctx = EVP_MD_CTX_new());
 	const EVP_MD *mdtype;
 	T(mdtype = EVP_get_digestbynid(hash_nid));
 	T(EVP_VerifyInit(md_ctx, mdtype));
-	T(EVP_VerifyUpdate(md_ctx, t->data, t->data_len));
+	/* Feed byte-by-byte. */
+	int i;
+	for (i = 0; i < t->data_len; i++)
+	    T(EVP_VerifyUpdate(md_ctx, &t->data[i], 1));
 	err = EVP_VerifyFinal(md_ctx, sig, siglen, pkey);
 	print_test_result(err);
 	EVP_MD_CTX_free(md_ctx);
 	ret |= err != 1;
     }
 
+    /* Verify using EVP_DigestVerifyInit API */
+    if (t->data) {
+	printf("  EVP_DigestVerifyInit API\t");
+	EVP_MD_CTX *md_ctx;
+	T(md_ctx = EVP_MD_CTX_new());
+	const EVP_MD *mdtype;
+	T(mdtype = EVP_get_digestbynid(hash_nid));
+	T(EVP_DigestVerifyInit(md_ctx, NULL, mdtype, NULL, pkey));
+	/* Verify in one step. */
+	err = EVP_DigestVerify(md_ctx, sig, siglen, t->data, t->data_len);
+	print_test_result(err);
+	EVP_MD_CTX_free(md_ctx);
+	ret |= err != 1;
+    }
+
     OPENSSL_free(sig);
+    EVP_PKEY_free(pkey);
     return ret;
 }
 
@@ -1025,11 +1093,13 @@ int main(int argc, char **argv)
 {
     int ret = 0;
 
+    setenv("OPENSSL_ENGINES", ENGINE_DIR, 0);
     OPENSSL_add_all_algorithms_conf();
     ERR_load_crypto_strings();
-    ENGINE *e = ENGINE_new();
-    bind_gost(e, "gost");
-    ENGINE_register_complete(e);
+    ENGINE *eng;
+    T(eng = ENGINE_by_id("gost"));
+    T(ENGINE_init(eng));
+    T(ENGINE_set_default(eng, ENGINE_METHOD_ALL));
 
     struct test_param **tpp;
     for (tpp = test_params; *tpp; tpp++)
@@ -1039,5 +1109,8 @@ int main(int argc, char **argv)
     for (tc = test_certs; tc->cert; tc++)
 	ret |= test_cert(tc);
 
+    ENGINE_finish(eng);
+    ENGINE_free(eng);
+
     return ret;
 }