3030 #define ARRAY_SIZE (a ) ((sizeof(a)/sizeof(a[0])))
3131#endif
3232
33+ #ifndef MAX
34+ #define MAX (a ,b ) ((a) > (b) ? (a) : (b))
35+ #endif
36+
3337#ifndef ED25519_SIGSIZE
3438 #define ED25519_SIGSIZE 64
3539#endif
3640
41+ #ifndef ED25519_KEYLEN
42+ #define ED25519_KEYLEN 32
43+ #endif
44+
45+ #ifndef ED448_KEYLEN
46+ #define ED448_KEYLEN 57
47+ #endif
48+
3749#ifndef ED448_SIGSIZE
3850 #define ED448_SIGSIZE 114
3951#endif
@@ -179,7 +191,8 @@ int test_ecx_sign_verify(void *data)
179191 p = types [i ].key ;
180192
181193 if (err == 0 ) {
182- pkey = d2i_PrivateKey (types [i ].type , NULL , & p , types [i ].keyLen );
194+ pkey = d2i_PrivateKey_ex (types [i ].type , NULL , & p , types [i ].keyLen ,
195+ wpLibCtx , NULL );
183196 err = pkey == NULL ;
184197 if (err ) {
185198 PRINT_MSG ("could not create key" );
@@ -203,6 +216,8 @@ int test_ecx_sign_verify_raw_priv(void *data)
203216
204217 EVP_PKEY * pkey_ossl = NULL ;
205218 EVP_PKEY * pkey_wolf = NULL ;
219+ unsigned char readback_ossl [MAX (ED25519_KEYLEN , ED448_KEYLEN )];
220+ unsigned char readback_wolf [MAX (ED25519_KEYLEN , ED448_KEYLEN )];
206221
207222 #ifdef WP_HAVE_ED25519
208223 unsigned char sig_ed25519 [ED25519_SIGSIZE ];
@@ -233,6 +248,7 @@ int test_ecx_sign_verify_raw_priv(void *data)
233248 PRINT_MSG ("Testing ECX sign/verify with raw keys (%s)" ,
234249 types [i ].name );
235250
251+ /* Create private keys from the byte arrays */
236252 if (err == 0 ) {
237253 pkey_ossl = EVP_PKEY_new_raw_private_key_ex (osslLibCtx ,
238254 types [i ].name , NULL , types [i ].key , types [i ].keyLen );
@@ -251,6 +267,7 @@ int test_ecx_sign_verify_raw_priv(void *data)
251267 }
252268 }
253269
270+ /* Compare keys */
254271 if (err == 0 ) {
255272 if (EVP_PKEY_cmp (pkey_wolf , pkey_ossl ) != 1 ) {
256273 PRINT_MSG ("EVP_PKEY_cmp failed" );
@@ -262,6 +279,48 @@ int test_ecx_sign_verify_raw_priv(void *data)
262279 }
263280 }
264281
282+ /* Verify readback of the key */
283+ if (err == 0 ) {
284+ PRINT_MSG ("Verify readback of private key with OpenSSL (%s)" , types [i ].name );
285+ size_t readbackLen_ossl = types [i ].keyLen ;
286+ /* EVP_PKEY_get_raw_private_key returns 1 for success */
287+ err = EVP_PKEY_get_raw_private_key (pkey_ossl , readback_ossl , & readbackLen_ossl );
288+ err = err != 1 ;
289+ if (err ) {
290+ PRINT_MSG ("EVP_PKEY_get_raw_private_key failed" );
291+ err = 1 ;
292+ }
293+ if (readbackLen_ossl != types [i ].keyLen ) {
294+ PRINT_MSG ("EVP_PKEY_get_raw_private_key length mismatch" );
295+ err = 1 ;
296+ }
297+ if (memcmp (readback_ossl , types [i ].key , readbackLen_ossl ) != 0 ) {
298+ PRINT_MSG ("EVP_PKEY_get_raw_private_key data mismatch" );
299+ err = 1 ;
300+ }
301+ }
302+
303+ /* Compare key with WolfSSL */
304+ if (err == 0 ) {
305+ PRINT_MSG ("Verify readback of private key with WolfSSL (%s)" , types [i ].name );
306+ size_t readbackLen_wolf = types [i ].keyLen ;
307+ /* EVP_PKEY_get_raw_private_key returns 1 for success */
308+ err = EVP_PKEY_get_raw_private_key (pkey_wolf , readback_wolf , & readbackLen_wolf );
309+ err = err != 1 ;
310+ if (err ) {
311+ PRINT_MSG ("EVP_PKEY_get_raw_private_key failed" );
312+ err = 1 ;
313+ }
314+ if (readbackLen_wolf != types [i ].keyLen ) {
315+ PRINT_MSG ("EVP_PKEY_get_raw_private_key length mismatch" );
316+ err = 1 ;
317+ }
318+ if (memcmp (readback_wolf , types [i ].key , readbackLen_wolf ) != 0 ) {
319+ PRINT_MSG ("EVP_PKEY_get_raw_private_key data mismatch" );
320+ err = 1 ;
321+ }
322+ }
323+
265324 if (err == 0 ) {
266325 err = sign_verify (types [i ].sig , types [i ].sigLen , pkey_ossl ,
267326 types [i ].name );
@@ -290,6 +349,8 @@ int test_ecx_sign_verify_raw_pub(void *data)
290349 const unsigned char * p = NULL ;
291350 unsigned char buf [128 ];
292351 size_t bufLen = 0 ;
352+ unsigned char readback_ossl [MAX (ED25519_KEYLEN , ED448_KEYLEN )];
353+ unsigned char readback_wolf [MAX (ED25519_KEYLEN , ED448_KEYLEN )];
293354
294355 #ifdef WP_HAVE_ED25519
295356 unsigned char sig_ed25519 [ED25519_SIGSIZE ];
@@ -341,7 +402,8 @@ int test_ecx_sign_verify_raw_pub(void *data)
341402 }
342403 }
343404
344- /* Use OpenSSL to sign the block of random bytes */
405+ /* Use OpenSSL to sign the block of random bytes. We will use this
406+ * signature to verify with the public key */
345407 if (err == 0 ) {
346408 PRINT_MSG ("Sign with OpenSSL (%s)" , types [i ].name );
347409 err = test_digest_sign (pkey_der , osslLibCtx , buf , bufLen , NULL ,
@@ -379,6 +441,48 @@ int test_ecx_sign_verify_raw_pub(void *data)
379441 }
380442 }
381443
444+ /* Verify readback of the key with OpenSSL */
445+ if (err == 0 ) {
446+ PRINT_MSG ("Verify readback of public key with OpenSSL (%s)" , types [i ].name );
447+ size_t readbackLen_ossl = types [i ].pubKeyLen ;
448+ /* EVP_PKEY_get_raw_public_key returns 1 for success */
449+ err = EVP_PKEY_get_raw_public_key (pkey_ossl , readback_ossl , & readbackLen_ossl );
450+ err = err != 1 ;
451+ if (err ) {
452+ PRINT_MSG ("EVP_PKEY_get_raw_public_key failed" );
453+ err = 1 ;
454+ }
455+ if (readbackLen_ossl != types [i ].pubKeyLen ) {
456+ PRINT_MSG ("EVP_PKEY_get_raw_public_key length mismatch" );
457+ err = 1 ;
458+ }
459+ if (memcmp (readback_ossl , types [i ].pubKey , readbackLen_ossl ) != 0 ) {
460+ PRINT_MSG ("EVP_PKEY_get_raw_public_key data mismatch" );
461+ err = 1 ;
462+ }
463+ }
464+
465+ /* Verify readback of the key with WolfSSL */
466+ if (err == 0 ) {
467+ PRINT_MSG ("Verify readback of public key with WolfSSL (%s)" , types [i ].name );
468+ size_t readbackLen_wolf = types [i ].pubKeyLen ;
469+ /* EVP_PKEY_get_raw_public_key returns 1 for success */
470+ err = EVP_PKEY_get_raw_public_key (pkey_wolf , readback_wolf , & readbackLen_wolf );
471+ err = err != 1 ;
472+ if (err ) {
473+ PRINT_MSG ("EVP_PKEY_get_raw_public_key failed" );
474+ err = 1 ;
475+ }
476+ if (readbackLen_wolf != types [i ].pubKeyLen ) {
477+ PRINT_MSG ("EVP_PKEY_get_raw_public_key length mismatch" );
478+ err = 1 ;
479+ }
480+ if (memcmp (readback_wolf , types [i ].pubKey , readbackLen_wolf ) != 0 ) {
481+ PRINT_MSG ("EVP_PKEY_get_raw_public_key data mismatch" );
482+ err = 1 ;
483+ }
484+ }
485+
382486 /* Verify the signature with the public keys */
383487 if (err == 0 ) {
384488 PRINT_MSG ("Verify with OpenSSL (%s)" , types [i ].name );
@@ -412,4 +516,128 @@ int test_ecx_sign_verify_raw_pub(void *data)
412516 return err ;
413517}
414518
519+ int test_ecx_misc (void * data )
520+ {
521+ int err = 0 ;
522+ (void )data ;
523+
524+ EVP_PKEY * pkey_ossl = NULL ;
525+ EVP_PKEY * pkey_wolf = NULL ;
526+ EVP_PKEY_CTX * ctx_ossl = NULL ;
527+ EVP_PKEY_CTX * ctx_wolf = NULL ;
528+
529+ struct {
530+ int type ;
531+ const char * name ;
532+ } types [] = {
533+ #ifdef WP_HAVE_ED25519
534+ { EVP_PKEY_ED25519 , "ED25519" },
535+ #endif
536+ #ifdef WP_HAVE_ED448
537+ { EVP_PKEY_ED448 , "ED448" },
538+ #endif
539+ };
540+
541+ for (unsigned i = 0 ; i < ARRAY_SIZE (types ) && err == 0 ; i ++ ) {
542+ /* Generate context */
543+ if (err == 0 ) {
544+ ctx_ossl = EVP_PKEY_CTX_new_from_name (osslLibCtx , types [i ].name , NULL );
545+ err = ctx_ossl == NULL ;
546+ }
547+ if (err == 0 ) {
548+ ctx_wolf = EVP_PKEY_CTX_new_from_name (wpLibCtx , types [i ].name , NULL );
549+ err = ctx_wolf == NULL ;
550+ }
551+
552+ /* Init context */
553+ if (err == 0 ) {
554+ err = EVP_PKEY_keygen_init (ctx_ossl );
555+ err = err != 1 ;
556+ }
557+ if (err == 0 ) {
558+ err = EVP_PKEY_keygen_init (ctx_wolf );
559+ err = err != 1 ;
560+ }
561+
562+ /* Generate keys */
563+ if (err == 0 ) {
564+ pkey_ossl = NULL ;
565+ err = EVP_PKEY_generate (ctx_ossl , & pkey_ossl );
566+ err = err != 1 ;
567+ }
568+ if (err == 0 ) {
569+ pkey_wolf = NULL ;
570+ err = EVP_PKEY_generate (ctx_wolf , & pkey_wolf );
571+ err = err != 1 ;
572+ }
573+
574+ /* Compare various util routines */
575+ if (err == 0 ) {
576+ int id_ossl = EVP_PKEY_get_id (pkey_ossl );
577+ int id_wolf = EVP_PKEY_get_id (pkey_wolf );
578+ if (id_ossl != id_wolf ) {
579+ PRINT_MSG ("EVP_PKEY_get_id failed %d %d" , id_ossl , id_wolf );
580+ err = 1 ;
581+ }
582+ }
583+
584+ if (err == 0 ) {
585+ int base_id_ossl = EVP_PKEY_get_base_id (pkey_ossl );
586+ int base_id_wolf = EVP_PKEY_get_base_id (pkey_wolf );
587+ if (base_id_ossl != base_id_wolf ) {
588+ PRINT_MSG ("EVP_PKEY_get_base_id failed %d %d" ,
589+ base_id_ossl , base_id_wolf );
590+ err = 1 ;
591+ }
592+ }
593+
594+ if (err == 0 ) {
595+ int bits_ossl = EVP_PKEY_get_bits (pkey_ossl );
596+ int bits_wolf = EVP_PKEY_get_bits (pkey_wolf );
597+ if (bits_ossl != bits_wolf ) {
598+ PRINT_MSG ("EVP_PKEY_get_bits failed %d %d" ,
599+ bits_ossl , bits_wolf );
600+ err = 1 ;
601+ }
602+ }
603+
604+ if (err == 0 ) {
605+ int sec_ossl = EVP_PKEY_get_security_bits (pkey_ossl );
606+ int sec_wolf = EVP_PKEY_get_security_bits (pkey_wolf );
607+ if (sec_ossl != sec_wolf ) {
608+ PRINT_MSG ("EVP_PKEY_get_security_bits failed %d %d" ,
609+ sec_ossl , sec_wolf );
610+ err = 1 ;
611+ }
612+ }
613+
614+ if (err == 0 ) {
615+ int size_ossl = EVP_PKEY_get_size (pkey_ossl );
616+ int size_wolf = EVP_PKEY_get_size (pkey_wolf );
617+ if (size_ossl != size_wolf ) {
618+ PRINT_MSG ("EVP_PKEY_get_size failed %d %d" ,
619+ size_ossl , size_wolf );
620+ err = 1 ;
621+ }
622+ }
623+
624+ if (err == 0 ) {
625+ int sign_ossl = EVP_PKEY_can_sign (pkey_ossl );
626+ int sign_wolf = EVP_PKEY_can_sign (pkey_wolf );
627+ if (sign_ossl != sign_wolf ) {
628+ PRINT_MSG ("EVP_PKEY_can_sign failed %d %d" ,
629+ sign_ossl , sign_wolf );
630+ err = 1 ;
631+ }
632+ }
633+
634+ EVP_PKEY_free (pkey_ossl );
635+ EVP_PKEY_free (pkey_wolf );
636+ EVP_PKEY_CTX_free (ctx_ossl );
637+ EVP_PKEY_CTX_free (ctx_wolf );
638+ }
639+
640+ return err ;
641+ }
642+
415643#endif /* defined(WP_HAVE_ED25519) || defined(WP_HAVE_ECD444) */
0 commit comments