diff options
Diffstat (limited to 'lib/crypto/test/engine_SUITE.erl')
-rw-r--r-- | lib/crypto/test/engine_SUITE.erl | 376 |
1 files changed, 192 insertions, 184 deletions
diff --git a/lib/crypto/test/engine_SUITE.erl b/lib/crypto/test/engine_SUITE.erl index cab519fdb9..8907d3968f 100644 --- a/lib/crypto/test/engine_SUITE.erl +++ b/lib/crypto/test/engine_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2017-2021. All Rights Reserved. +%% Copyright Ericsson AB 2017-2022. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. @@ -35,12 +35,8 @@ end_per_testcase/2, get_all_possible_methods/0, get_all_possible_methods/1, - engine_load_all_methods/0, - engine_load_all_methods/1, - engine_load_some_methods/0, - engine_load_some_methods/1, - multiple_engine_load/0, - multiple_engine_load/1, + engine_load_register_method/0, + engine_load_register_method/1, engine_list/0, engine_list/1, get_id_and_name/0, @@ -63,10 +59,13 @@ ctrl_cmd_string_optional/1, ensure_load/0, ensure_load/1, + gc_clean/0, + gc_clean/1, sign_verify_rsa/1, sign_verify_rsa_fake/1, sign_verify_dsa/1, sign_verify_ecdsa/1, + sign_verify_eddsa/1, sign_verify_rsa_pwd/1, sign_verify_rsa_pwd_bad_pwd/1, priv_encrypt_pub_decrypt_rsa/1, @@ -92,9 +91,7 @@ suite() -> all() -> [ get_all_possible_methods, - engine_load_all_methods, - engine_load_some_methods, - multiple_engine_load, + engine_load_register_method, engine_list, get_id_and_name, engine_by_id, @@ -106,6 +103,7 @@ all() -> ctrl_cmd_string, ctrl_cmd_string_optional, ensure_load, + gc_clean, {group, engine_stored_key}, {group, engine_fakes_rsa} ]. @@ -116,6 +114,7 @@ groups() -> sign_verify_rsa, sign_verify_dsa, sign_verify_ecdsa, + sign_verify_eddsa, sign_verify_rsa_pwd, sign_verify_rsa_pwd_bad_pwd, priv_encrypt_pub_decrypt_rsa, @@ -129,9 +128,11 @@ groups() -> get_pub_from_priv_key_dsa, get_pub_from_priv_key_ecdsa ]}, - {engine_fakes_rsa, [], [sign_verify_rsa_fake - ]} - ]. + {engine_fakes_rsa, [], + [ + sign_verify_rsa_fake + ]} + ]. init_per_suite(Config) -> @@ -187,10 +188,10 @@ init_per_group(engine_fakes_rsa, Config) -> init_per_group(_Group, Config0) -> Config0. - group_load_engine(Config, ExcludeMthds) -> - case load_storage_engine(Config, ExcludeMthds) of + case load_storage_engine(Config) of {ok, E} -> + ok = crypto:engine_register(E, crypto:engine_get_all_methods() -- ExcludeMthds), KeyDir = key_dir(Config), ct:log("storage engine ~p loaded.~nKeyDir = ~p", [E,KeyDir]), [{storage_engine,E}, {storage_dir,KeyDir} | Config]; @@ -205,10 +206,6 @@ group_load_engine(Config, ExcludeMthds) -> {fail, "Engine load failed"} end. - - - - end_per_group(_, Config) -> case proplists:get_value(storage_engine, Config) of undefined -> @@ -219,18 +216,22 @@ end_per_group(_, Config) -> %%-------------------------------------------------------------------- init_per_testcase(Case, Config) -> - case string:tokens(atom_to_list(Case),"_") of - ["sign","verify",Type|_] -> - skip_if_unsup(list_to_atom(Type), Config); - - ["priv","encrypt","pub","decrypt",Type|_] -> - skip_if_unsup(list_to_atom(Type), Config); - - ["get","pub","from","priv","key",Type|_] -> - skip_if_unsup(list_to_atom(Type), Config); - + HasMD5 = lists:member(md5, crypto:supports(hashs)), + case Case of + ensure_load when HasMD5==false -> {skip, "md5 not available"}; + engine_load_register_method when HasMD5==false -> {skip, "md5 not available"}; + gc_clean when HasMD5==false -> {skip, "md5 not available"}; _ -> - Config + case string:tokens(atom_to_list(Case),"_") of + ["sign","verify",Type|_] -> + skip_if_unsup(list_to_atom(Type), Config); + ["priv","encrypt","pub","decrypt",Type|_] -> + skip_if_unsup(list_to_atom(Type), Config); + ["get","pub","from","priv","key",Type|_] -> + skip_if_unsup(list_to_atom(Type), Config); + _ -> + Config + end end. end_per_testcase(_Case, _Config) -> @@ -253,12 +254,13 @@ get_all_possible_methods(Config) when is_list(Config) -> {skip, "Engine not supported on this SSL version"} end. -engine_load_all_methods()-> +%%------------------------------------------------------------------------- +engine_load_register_method()-> [{doc, "Use a dummy md5 engine that does not implement md5" "but rather returns a static binary to test that crypto:engine_load " "functions works."}]. -engine_load_all_methods(Config) when is_list(Config) -> +engine_load_register_method(Config) when is_list(Config) -> case crypto:get_test_engine() of {error, notexist} -> {skip, "OTP Test engine not found"}; @@ -270,8 +272,10 @@ engine_load_all_methods(Config) when is_list(Config) -> case crypto:engine_load(<<"dynamic">>, [{<<"SO_PATH">>, Engine}, <<"LOAD">>], - []) of + []) of {ok, E} -> + ok = crypto:engine_register(E, [engine_method_digests]), + case crypto:hash(md5, "Don't panic") of Md5Hash1 -> ct:fail(fail_to_load_still_original_engine); @@ -280,128 +284,10 @@ engine_load_all_methods(Config) when is_list(Config) -> _ -> ct:fail(fail_to_load_engine) end, - ok = crypto:engine_unload(E), - case crypto:hash(md5, "Don't panic") of - Md5Hash2 -> - ct:fail(fail_to_unload_still_test_engine); - Md5Hash1 -> - ok; - _ -> - ct:fail(fail_to_unload_engine) - end; - {error, bad_engine_id} -> - {skip, "Dynamic Engine not supported"} - end - catch - error:notsup -> - {skip, "Engine not supported on this SSL version"} - end - end. - -engine_load_some_methods()-> - [{doc, "Use a dummy md5 engine that does not implement md5" - "but rather returns a static binary to test that crypto:engine_load " - "functions works."}]. -engine_load_some_methods(Config) when is_list(Config) -> - case crypto:get_test_engine() of - {error, notexist} -> - {skip, "OTP Test engine not found"}; - {ok, Engine} -> - try - Md5Hash1 = <<106,30,3,246,166,222,229,158,244,217,241,179,50,232,107,109>>, - Md5Hash1 = crypto:hash(md5, "Don't panic"), - Md5Hash2 = <<0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>, - EngineMethods = crypto:engine_get_all_methods() -- - [engine_method_dh, engine_method_rand, - engine_method_ciphers, engine_method_store, - engine_method_pkey_meths, engine_method_pkey_asn1_meths], - case crypto:engine_load(<<"dynamic">>, - [{<<"SO_PATH">>, Engine}, - <<"LOAD">>], - [], - EngineMethods) of - {ok, E} -> - case crypto:hash(md5, "Don't panic") of - Md5Hash1 -> - ct:fail(fail_to_load_engine_still_original); - Md5Hash2 -> - ok; - _ -> - ct:fail(fail_to_load_engine) - end, + ok = crypto:engine_unregister(E, [engine_method_digests]), ok = crypto:engine_unload(E), - case crypto:hash(md5, "Don't panic") of - Md5Hash2 -> - ct:fail(fail_to_unload_still_test_engine); - Md5Hash1 -> - ok; - _ -> - ct:fail(fail_to_unload_engine) - end; - {error, bad_engine_id} -> - {skip, "Dynamic Engine not supported"} - end - catch - error:notsup -> - {skip, "Engine not supported on this SSL version"} - end - end. - -multiple_engine_load()-> - [{doc, "Use a dummy md5 engine that does not implement md5" - "but rather returns a static binary to test that crypto:engine_load " - "functions works when called multiple times."}]. -multiple_engine_load(Config) when is_list(Config) -> - case crypto:get_test_engine() of - {error, notexist} -> - {skip, "OTP Test engine not found"}; - {ok, Engine} -> - try - Md5Hash1 = <<106,30,3,246,166,222,229,158,244,217,241,179,50,232,107,109>>, - Md5Hash1 = crypto:hash(md5, "Don't panic"), - Md5Hash2 = <<0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>, - case crypto:engine_load(<<"dynamic">>, - [{<<"SO_PATH">>, Engine}, - <<"LOAD">>], - []) of - {ok, E} -> - {ok, E1} = crypto:engine_load(<<"dynamic">>, - [{<<"SO_PATH">>, Engine}, - <<"LOAD">>], - []), - {ok, E2} = crypto:engine_load(<<"dynamic">>, - [{<<"SO_PATH">>, Engine}, - <<"LOAD">>], - []), - case crypto:hash(md5, "Don't panic") of - Md5Hash1 -> - ct:fail(fail_to_load_still_original_engine); - Md5Hash2 -> - ok; - _ -> - ct:fail(fail_to_load_engine) - end, - ok = crypto:engine_unload(E2), - case crypto:hash(md5, "Don't panic") of - Md5Hash1 -> - ct:fail(fail_to_load_still_original_engine); - Md5Hash2 -> - ok; - _ -> - ct:fail(fail_to_load_engine) - end, - ok = crypto:engine_unload(E), - case crypto:hash(md5, "Don't panic") of - Md5Hash1 -> - ct:fail(fail_to_load_still_original_engine); - Md5Hash2 -> - ok; - _ -> - ct:fail(fail_to_load_engine) - end, - ok = crypto:engine_unload(E1), case crypto:hash(md5, "Don't panic") of Md5Hash2 -> ct:fail(fail_to_unload_still_test_engine); @@ -419,6 +305,7 @@ multiple_engine_load(Config) when is_list(Config) -> end end. +%%------------------------------------------------------------------------- engine_list()-> [{doc, "Test add and remove engine ID to the SSL internal engine list."}]. @@ -449,6 +336,7 @@ engine_list(Config) when is_list(Config) -> end end. +%%------------------------------------------------------------------------- get_id_and_name()-> [{doc, "Test fetching id and name from an engine."}]. @@ -475,6 +363,7 @@ get_id_and_name(Config) when is_list(Config) -> end end. +%%------------------------------------------------------------------------- engine_by_id()-> [{doc, "Test fetching a new reference the the engine when the" "engine id is added to the SSL engine list."}]. @@ -568,6 +457,7 @@ bad_arguments(Config) when is_list(Config) -> end end. +%%------------------------------------------------------------------------- unknown_engine() -> [{doc, "Try to load a non existent engine."}]. @@ -580,6 +470,7 @@ unknown_engine(Config) when is_list(Config) -> {skip, "Engine not supported on this SSL version"} end. +%%------------------------------------------------------------------------- pre_command_fail_bad_value() -> [{doc, "Test pre command due to bad value"}]. @@ -602,6 +493,7 @@ pre_command_fail_bad_value(Config) when is_list(Config) -> {skip, "Engine not supported on this SSL version"} end. +%%------------------------------------------------------------------------- pre_command_fail_bad_key() -> [{doc, "Test pre command due to bad key"}]. @@ -627,6 +519,7 @@ pre_command_fail_bad_key(Config) when is_list(Config) -> {skip, "Engine not supported on this SSL version"} end. +%%------------------------------------------------------------------------- failed_engine_init()-> [{doc, "Test failing engine init due to missed pre command"}]. @@ -651,7 +544,6 @@ failed_engine_init(Config) when is_list(Config) -> {skip, "Engine not supported on this SSL version"} end. - %%------------------------------------------------------------------------- %% Test the optional flag in ctrl comands ctrl_cmd_string()-> @@ -684,6 +576,7 @@ ctrl_cmd_string(Config) when is_list(Config) -> {skip, "Engine not supported on this SSL version"} end. +%%------------------------------------------------------------------------- ctrl_cmd_string_optional()-> [{doc, "Test that a not known optional ctrl command do not fail"}]. ctrl_cmd_string_optional(Config) when is_list(Config) -> @@ -715,6 +608,9 @@ ctrl_cmd_string_optional(Config) when is_list(Config) -> {skip, "Engine not supported on this SSL version"} end. +%%------------------------------------------------------------------------- +% +% ensure_load()-> [{doc, "Test the special ensure load function."}]. @@ -728,8 +624,9 @@ ensure_load(Config) when is_list(Config) -> Md5Hash1 = crypto:hash(md5, "Don't panic"), Md5Hash2 = <<0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>, case crypto:ensure_engine_loaded(<<"MD5">>, Engine) of - {ok, E1} -> - {ok, E2} = crypto:ensure_engine_loaded(<<"MD5">>, Engine), + {ok, E} -> + ok = crypto:engine_register(E, [engine_method_digests]), + case crypto:hash(md5, "Don't panic") of Md5Hash1 -> ct:fail(fail_to_load_still_original_engine); @@ -739,49 +636,155 @@ ensure_load(Config) when is_list(Config) -> ct:fail(fail_to_load_engine) end, - {ok, E3} = crypto:engine_by_id(<<"MD5">>), - - ok = crypto:ensure_engine_unloaded(E3), + {ok, E1} = crypto:ensure_engine_loaded(<<"MD5">>, Engine), case crypto:hash(md5, "Don't panic") of Md5Hash1 -> + ct:fail(fail_to_load_still_original_engine); + Md5Hash2 -> ok; + _ -> + ct:fail(fail_to_load_engine) + end, + + ok = crypto:ensure_engine_unloaded(E1), + case crypto:hash(md5, "Don't panic") of + Md5Hash1 -> + ct:fail(fail_test_engine_unloaded); Md5Hash2 -> - ct:fail(fail_to_unload_still_test_engine); + ok; _ -> - ct:fail(load_engine) + ct:fail(fail_to_unload_engine) end, - %% ToDo: Why doesn't this work? - %% {ok, E4} = crypto:ensure_engine_loaded(<<"MD5">>, Engine), - %% case crypto:hash(md5, "Don't panic") of - %% Md5Hash1 -> - %% ct:fail(fail_to_load_still_original_engine); - %% Md5Hash2 -> - %% ok; - %% _ -> - %% ct:fail(fail_to_load_engine) - %% end, + {ok, E2} = crypto:ensure_engine_loaded(<<"MD5">>, Engine), + case crypto:hash(md5, "Don't panic") of + Md5Hash1 -> + ct:fail(fail_test_engine_not_loaded); + Md5Hash2 -> + ok; + _ -> + ct:fail(fail_to_load_engine) + end, + ok = crypto:ensure_engine_unloaded(E2), - ok = crypto:ensure_engine_unloaded(E1), + {ok, E3} = crypto:ensure_engine_loaded(<<"MD5">>, Engine), + case crypto:hash(md5, "Don't panic") of + Md5Hash1 -> + ct:fail(fail_test_engine_not_loaded); + Md5Hash2 -> + ok; + _ -> + ct:fail(fail_to_load_engine) + end, + + ok = crypto:ensure_engine_unloaded(E), case crypto:hash(md5, "Don't panic") of + Md5Hash1 -> + ct:fail(fail_test_engine_not_loaded); Md5Hash2 -> - ct:fail(fail_to_unload_still_test_engine); + ok; + _ -> + ct:fail(fail_to_unload_engine) + end, + + ok = crypto:engine_unregister(E3, [engine_method_digests]), + ok = crypto:ensure_engine_unloaded(E3), + case crypto:hash(md5, "Don't panic") of Md5Hash1 -> - ok = crypto:ensure_engine_unloaded(E2), - %% ok = crypto:ensure_engine_unloaded(E4); ok; + Md5Hash2 -> + ct:fail(fail_to_unload_still_test_engine); _ -> ct:fail(fail_to_unload_engine) end; + {error, bad_engine_id} -> {skip, "Dynamic Engine not supported"} end catch error:notsup -> - {skip, "Engine not supported on this SSL version"} + {skip, "Engine not supported on this SSL version"} end end. +%%------------------------------------------------------------------------- +gc_clean()-> + [{doc, "Test the special ensure load function."}]. + +gc_clean(Config) when is_list(Config) -> + case crypto:get_test_engine() of + {error, notexist} -> + {skip, "OTP Test engine not found"}; + {ok, Engine} -> + + Md5Hash1 = <<106,30,3,246,166,222,229,158,244,217,241,179,50,232,107,109>>, + Md5Hash1 = crypto:hash(md5, "Don't panic"), + Md5Hash2 = <<0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>, + + load_without_unload(Engine, Md5Hash1, Md5Hash2), + + erlang:garbage_collect(), + timer:sleep(1000), + + case crypto:hash(md5, "Don't panic") of + Md5Hash2 -> + ct:fail(fail_to_unload_still_test_engine); + Md5Hash1 -> + ok; + _ -> + ct:fail(fail_to_unload_engine) + end, + + try + case crypto:ensure_engine_loaded(<<"MD5">>, Engine) of + {ok, E} -> + ok = crypto:engine_register(E, [engine_method_digests]), + case crypto:hash(md5, "Don't panic") of + Md5Hash1 -> + ct:fail(fail_to_load_still_original_engine); + Md5Hash2 -> + ok; + _ -> + ct:fail(fail_to_load_engine) + end, + + ok = crypto:engine_unregister(E, [engine_method_digests]), + ok = crypto:engine_remove(E), + ok = crypto:ensure_engine_unloaded(E), + + case crypto:hash(md5, "Don't panic") of + Md5Hash2 -> + ct:fail(fail_to_unload_still_test_engine); + Md5Hash1 -> + ok; + _ -> + ct:fail(fail_to_unload_engine) + end; + {error, bad_engine_id} -> + {skip, "Dynamic Engine not supported"} + end + catch + error:notsup -> + {skip, "Engine not supported on this SSL version"} + end + end. + +load_without_unload(Engine, Md5Hash1, Md5Hash2) -> + case crypto:ensure_engine_loaded(<<"MD5">>, Engine) of + {ok, E} -> + ok = crypto:engine_register(E, [engine_method_digests]), + case crypto:hash(md5, "Don't panic") of + Md5Hash1 -> + ct:fail(fail_to_load_still_original_engine); + Md5Hash2 -> + ok = crypto:engine_unregister(E, [engine_method_digests]), + ok; + _ -> + ct:fail(fail_to_load_engine) + end; + {error, bad_engine_id} -> + io:format("load_without_unload: bad_engine_id\n", []) + end. %%%---------------------------------------------------------------- %%% Pub/priv key storage tests. Those are for testing the crypto.erl @@ -816,6 +819,13 @@ sign_verify_ecdsa(Config) -> key_id => key_id(Config, "ecdsa_public_key.pem")}, sign_verify(ecdsa, sha, Priv, Pub). +sign_verify_eddsa(Config) -> + Priv = #{engine => engine_ref(Config), + key_id => key_id(Config, "eddsa_private_key.pem")}, + Pub = #{engine => engine_ref(Config), + key_id => key_id(Config, "eddsa_public_key.pem")}, + sign_verify(eddsa, sha, Priv, Pub). + sign_verify_rsa_pwd(Config) -> Priv = #{engine => engine_ref(Config), key_id => key_id(Config, "rsa_private_key_pwd.pem"), @@ -833,7 +843,7 @@ sign_verify_rsa_pwd_bad_pwd(Config) -> try sign_verify(rsa, sha, Priv, Pub) of _ -> {fail, "PWD prot pubkey sign succeeded with no pwd!"} catch - error:badarg -> ok + error:{badarg,_,_} -> ok end. priv_encrypt_pub_decrypt_rsa(Config) -> @@ -974,16 +984,14 @@ pkey_supported(Type) -> lists:member(Type, proplists:get_value(public_keys, crypto:supports(), [])). -load_storage_engine(_Config, ExcludeMthds) -> +load_storage_engine(_Config) -> case crypto:get_test_engine() of - {ok, Engine} -> + {ok, EngineLibPath} -> try crypto:engine_load(<<"dynamic">>, - [{<<"SO_PATH">>, Engine}, - <<"LOAD">>], - [], - crypto:engine_get_all_methods() -- ExcludeMthds - ) - catch + [{<<"SO_PATH">>, EngineLibPath}, + <<"LOAD">>], + []) + catch error:notsup -> {error, notsup} end; |