Add testing for the new ED paths in EVP_PKEY layer

lealem47 · lealem47 · commit 7b81e298b72a · 2026-04-06T12:35:42.000-06:00
diff --git a/tests/api/test_evp_pkey.c b/tests/api/test_evp_pkey.c
@@ -2357,3 +2357,183 @@ int test_wolfSSL_EVP_PKEY_print_public(void)
     return EXPECT_RESULT();
 }
 
+/* Coverage for the Ed25519 EVP_PKEY layer:
+ *   - wolfSSL_d2i_PrivateKey(EVP_PKEY_ED25519, ...) on a PKCS#8 PrivateKeyInfo
+ *     (the path used by wolfSSL_PEM_read_bio_PrivateKey when keyFormat is
+ *     ED25519k, e.g. OpenVPN's --key file load).
+ *   - wolfSSL_d2i_PUBKEY on a DER-encoded SubjectPublicKeyInfo (the standard
+ *     d2i_PUBKEY input).
+ *   - wolfSSL_d2i_PUBKEY on a 32-byte raw Ed25519 public key (the dual-input
+ *     fallback used by CopyDecodedToX509 where dCert->publicKey is the raw
+ *     bytes from the SPKI BIT STRING, not a wrapped SPKI).
+ *   - wolfSSL_EVP_PKEY_id reports the new WC_EVP_PKEY_ED25519 type.
+ *   - wolfSSL_EVP_PKEY_free cleans up the embedded ed25519_key without leaks.
+ */
+int test_wolfSSL_EVP_PKEY_ed25519(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519)
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+    const unsigned char* p;
+    /* 32 arbitrary bytes used as a "raw Ed25519 public key". The wolfCrypt
+     * import path does not validate that these encode a curve point, so any
+     * 32-byte input is accepted - which mirrors the bytes the X509 parser
+     * actually hands to d2i_PUBKEY from a real cert's SPKI BIT STRING. */
+    static const unsigned char rawPub[32] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+    };
+    /* The same 32 bytes wrapped in a 44-byte Ed25519 SubjectPublicKeyInfo:
+     *   SEQUENCE (42)
+     *     SEQUENCE (5)  AlgorithmIdentifier
+     *       OID 1.3.101.112 (Ed25519)
+     *     BIT STRING (33)  0 unused bits + 32 raw key bytes
+     */
+    static const unsigned char spkiPub[] = {
+        0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+    };
+
+    /* d2i_PrivateKey: Ed25519 PKCS#8 PrivateKeyInfo. Exercises the new
+     * WC_EVP_PKEY_ED25519 case in d2i_evp_pkey() including the algId match
+     * for the PKCS#8 wrapper. */
+    p = server_ed25519_key;
+    ExpectNotNull(pkey = wolfSSL_d2i_PrivateKey(EVP_PKEY_ED25519, NULL,
+        &p, (long)sizeof_server_ed25519_key));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_ED25519);
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    /* d2i_PUBKEY: 44-byte SubjectPublicKeyInfo. Exercises d2iTryEd25519Key's
+     * structured (wc_Ed25519PublicKeyDecode) branch. */
+    p = spkiPub;
+    ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &p, (long)sizeof(spkiPub)));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_ED25519);
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    /* d2i_PUBKEY: 32-byte raw key. Exercises d2iTryEd25519Key's raw fallback
+     * (wc_ed25519_import_public). This is the path that nginx and OpenVPN
+     * hit indirectly via CopyDecodedToX509 -> wolfSSL_d2i_PUBKEY where the
+     * caller passes the raw bytes from the SPKI BIT STRING rather than a
+     * wrapped SPKI. */
+    p = rawPub;
+    ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &p, (long)sizeof(rawPub)));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_ED25519);
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    /* Negative: garbage of an unrelated length must not be claimed by the
+     * Ed25519 probe (and the chain as a whole must return NULL since none
+     * of the other probes match either). */
+    {
+        static const unsigned char junk[16] = { 0 };
+        const unsigned char* jp = junk;
+        ExpectNull(wolfSSL_d2i_PUBKEY(NULL, &jp, (long)sizeof(junk)));
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+/* End-to-end test of the OpenVPN-style flow: load an Ed25519 cert into an
+ * SSL_CTX, decode the matching Ed25519 private key into a WOLFSSL_EVP_PKEY
+ * via the new d2i_PrivateKey path, then install it via
+ * wolfSSL_CTX_use_PrivateKey (which now has WC_EVP_PKEY_ED25519/ED448 cases
+ * in its key-type switch). */
+int test_wolfSSL_CTX_use_PrivateKey_ed25519(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+    const unsigned char* p;
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+
+    /* Load the matching Ed25519 server cert via the existing buffer API
+     * (this path is not under test - we just need a cert installed so the
+     * subsequent wolfSSL_CTX_use_PrivateKey() can sanity-check the pair). */
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_ed25519_cert,
+        (long)sizeof_server_ed25519_cert, WOLFSSL_FILETYPE_ASN1),
+        WOLFSSL_SUCCESS);
+
+    /* Decode the Ed25519 private key as a WOLFSSL_EVP_PKEY using the new
+     * code path. */
+    p = server_ed25519_key;
+    ExpectNotNull(pkey = wolfSSL_d2i_PrivateKey(EVP_PKEY_ED25519, NULL,
+        &p, (long)sizeof_server_ed25519_key));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_ED25519);
+
+    /* Install it. Before this patch, wolfSSL_CTX_use_PrivateKey's switch
+     * fell through to the default arm and returned 0 for any non
+     * RSA/ECC/DSA type, which is what made OpenVPN print "Cannot load
+     * private key file". */
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
+
+    wolfSSL_EVP_PKEY_free(pkey);
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Coverage for the Ed448 side of the EVP_PKEY layer. There are no Ed448
+ * test buffers in certs_test.h, so this test only exercises d2i_PUBKEY
+ * with hand-constructed inputs (both SPKI-wrapped and 32+25 raw bytes). */
+int test_wolfSSL_EVP_PKEY_ed448(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ED448)
+    WOLFSSL_EVP_PKEY* pkey = NULL;
+    const unsigned char* p;
+    /* 57 arbitrary bytes used as a "raw Ed448 public key". */
+    static const unsigned char rawPub[57] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+        0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+        0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38
+    };
+    /* The same 57 bytes wrapped in a 71-byte Ed448 SubjectPublicKeyInfo:
+     *   SEQUENCE (67)
+     *     SEQUENCE (5)  AlgorithmIdentifier
+     *       OID 1.3.101.113 (Ed448)
+     *     BIT STRING (58)  0 unused bits + 57 raw key bytes
+     */
+    static const unsigned char spkiPub[] = {
+        0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71, 0x03, 0x3a, 0x00,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+        0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+        0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38
+    };
+
+    /* SPKI path. */
+    p = spkiPub;
+    ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &p, (long)sizeof(spkiPub)));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_ED448);
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+
+    /* Raw 57-byte fallback path. */
+    p = rawPub;
+    ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &p, (long)sizeof(rawPub)));
+    ExpectIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_ED448);
+    wolfSSL_EVP_PKEY_free(pkey);
+    pkey = NULL;
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_evp_pkey.h b/tests/api/test_evp_pkey.h
@@ -60,6 +60,9 @@ int test_wolfSSL_EVP_MD_ecc_signing(void);
 int test_wolfSSL_EVP_PKEY_encrypt(void);
 int test_wolfSSL_EVP_PKEY_derive(void);
 int test_wolfSSL_EVP_PKEY_print_public(void);
+int test_wolfSSL_EVP_PKEY_ed25519(void);
+int test_wolfSSL_CTX_use_PrivateKey_ed25519(void);
+int test_wolfSSL_EVP_PKEY_ed448(void);
 
 #define TEST_EVP_PKEY_DECLS                                                    \
     TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_CTX_new_id),             \
@@ -97,6 +100,9 @@ int test_wolfSSL_EVP_PKEY_print_public(void);
     TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_MD_ecc_signing),              \
     TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_encrypt),                \
     TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_derive),                 \
-    TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_print_public)
+    TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_print_public),           \
+    TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_ed25519),                \
+    TEST_DECL_GROUP("evp_pkey", test_wolfSSL_CTX_use_PrivateKey_ed25519),      \
+    TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_ed448)
 
 #endif /* WOLFCRYPT_TEST_EVP_PKEY_H */
