xref: /freebsd/crypto/openssl/test/recipes/15-test_ec.t (revision e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6) 
1*e0c4386eSCy Schubert#! /usr/bin/env perl
2*e0c4386eSCy Schubert# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3*e0c4386eSCy Schubert#
4*e0c4386eSCy Schubert# Licensed under the Apache License 2.0 (the "License").  You may not use
5*e0c4386eSCy Schubert# this file except in compliance with the License.  You can obtain a copy
6*e0c4386eSCy Schubert# in the file LICENSE in the source distribution or at
7*e0c4386eSCy Schubert# https://www.openssl.org/source/license.html
8*e0c4386eSCy Schubert
9*e0c4386eSCy Schubert
10*e0c4386eSCy Schubertuse strict;
11*e0c4386eSCy Schubertuse warnings;
12*e0c4386eSCy Schubert
13*e0c4386eSCy Schubertuse File::Spec;
14*e0c4386eSCy Schubertuse OpenSSL::Test qw/:DEFAULT srctop_file/;
15*e0c4386eSCy Schubertuse OpenSSL::Test::Utils;
16*e0c4386eSCy Schubert
17*e0c4386eSCy Schubertsetup("test_ec");
18*e0c4386eSCy Schubert
19*e0c4386eSCy Schubertplan skip_all => 'EC is not supported in this build' if disabled('ec');
20*e0c4386eSCy Schubert
21*e0c4386eSCy Schubertplan tests => 15;
22*e0c4386eSCy Schubert
23*e0c4386eSCy Schubertmy $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
24*e0c4386eSCy Schubert
25*e0c4386eSCy Schubertrequire_ok(srctop_file('test','recipes','tconversion.pl'));
26*e0c4386eSCy Schubert
27*e0c4386eSCy Schubertok(run(test(["ectest"])), "running ectest");
28*e0c4386eSCy Schubert
29*e0c4386eSCy Schubert# TODO: remove these when the 'ec' app is removed.
30*e0c4386eSCy Schubert# Also consider moving this to the 20-25 test section because it is testing
31*e0c4386eSCy Schubert# the command line tool in addition to the algorithm.
32*e0c4386eSCy Schubertsubtest 'EC conversions -- private key' => sub {
33*e0c4386eSCy Schubert    tconversion( -type => 'ec', -prefix => 'ec-priv',
34*e0c4386eSCy Schubert                 -in => srctop_file("test","testec-p256.pem") );
35*e0c4386eSCy Schubert};
36*e0c4386eSCy Schubertsubtest 'EC conversions -- private key PKCS#8' => sub {
37*e0c4386eSCy Schubert    tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
38*e0c4386eSCy Schubert                 -in => srctop_file("test","testec-p256.pem"),
39*e0c4386eSCy Schubert                 -args => "pkey" );
40*e0c4386eSCy Schubert};
41*e0c4386eSCy Schubertsubtest 'EC conversions -- public key' => sub {
42*e0c4386eSCy Schubert    tconversion( -type => 'ec', -prefix => 'ec-pub',
43*e0c4386eSCy Schubert                 -in => srctop_file("test","testecpub-p256.pem"),
44*e0c4386eSCy Schubert                 -args => [ "ec", "-pubin", "-pubout" ] );
45*e0c4386eSCy Schubert};
46*e0c4386eSCy Schubert
47*e0c4386eSCy Schubertsubtest 'PKEY conversions -- private key' => sub {
48*e0c4386eSCy Schubert    tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv',
49*e0c4386eSCy Schubert                 -in => srctop_file("test","testec-p256.pem") );
50*e0c4386eSCy Schubert};
51*e0c4386eSCy Schubertsubtest 'PKEY conversions -- private key PKCS#8' => sub {
52*e0c4386eSCy Schubert    tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8',
53*e0c4386eSCy Schubert                 -in => srctop_file("test","testec-p256.pem"),
54*e0c4386eSCy Schubert                 -args => "pkey" );
55*e0c4386eSCy Schubert};
56*e0c4386eSCy Schubertsubtest 'PKEY conversions -- public key' => sub {
57*e0c4386eSCy Schubert    tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub',
58*e0c4386eSCy Schubert                 -in => srctop_file("test","testecpub-p256.pem"),
59*e0c4386eSCy Schubert                 -args => [ "pkey", "-pubin", "-pubout" ] );
60*e0c4386eSCy Schubert};
61*e0c4386eSCy Schubert
62*e0c4386eSCy Schubertsubtest 'Ed25519 conversions -- private key' => sub {
63*e0c4386eSCy Schubert    tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv",
64*e0c4386eSCy Schubert                 -in => srctop_file("test", "tested25519.pem") );
65*e0c4386eSCy Schubert};
66*e0c4386eSCy Schubertsubtest 'Ed25519 conversions -- private key PKCS#8' => sub {
67*e0c4386eSCy Schubert    tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8",
68*e0c4386eSCy Schubert                 -in => srctop_file("test", "tested25519.pem"),
69*e0c4386eSCy Schubert                 -args => ["pkey"] );
70*e0c4386eSCy Schubert};
71*e0c4386eSCy Schubertsubtest 'Ed25519 conversions -- public key' => sub {
72*e0c4386eSCy Schubert    tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub",
73*e0c4386eSCy Schubert                 -in => srctop_file("test", "tested25519pub.pem"),
74*e0c4386eSCy Schubert                 -args => ["pkey", "-pubin", "-pubout"] );
75*e0c4386eSCy Schubert};
76*e0c4386eSCy Schubertsubtest 'Ed448 conversions -- private key' => sub {
77*e0c4386eSCy Schubert    tconversion( -type => "pkey", -prefix => "ed448-pkey-priv",
78*e0c4386eSCy Schubert                 -in => srctop_file("test", "tested448.pem") );
79*e0c4386eSCy Schubert};
80*e0c4386eSCy Schubertsubtest 'Ed448 conversions -- private key PKCS#8' => sub {
81*e0c4386eSCy Schubert    tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8",
82*e0c4386eSCy Schubert                 -in => srctop_file("test", "tested448.pem"),
83*e0c4386eSCy Schubert                 -args => ["pkey"] );
84*e0c4386eSCy Schubert};
85*e0c4386eSCy Schubertsubtest 'Ed448 conversions -- public key' => sub {
86*e0c4386eSCy Schubert    tconversion( -type => "pkey", -prefix => "ed448-pkey-pub",
87*e0c4386eSCy Schubert                 -in => srctop_file("test", "tested448pub.pem"),
88*e0c4386eSCy Schubert                 -args => ["pkey", "-pubin", "-pubout"] );
89*e0c4386eSCy Schubert};
90*e0c4386eSCy Schubert
91*e0c4386eSCy Schubertsubtest 'Check loading of fips and non-fips keys' => sub {
92*e0c4386eSCy Schubert    plan skip_all => "FIPS is disabled"
93*e0c4386eSCy Schubert        if $no_fips;
94*e0c4386eSCy Schubert
95*e0c4386eSCy Schubert    plan tests => 2;
96*e0c4386eSCy Schubert
97*e0c4386eSCy Schubert    my $fipsconf = srctop_file("test", "fips-and-base.cnf");
98*e0c4386eSCy Schubert    $ENV{OPENSSL_CONF} = $fipsconf;
99*e0c4386eSCy Schubert
100*e0c4386eSCy Schubert    ok(!run(app(['openssl', 'pkey',
101*e0c4386eSCy Schubert                 '-check', '-in', srctop_file("test", "testec-p112r1.pem")])),
102*e0c4386eSCy Schubert        "Checking non-fips curve key fails in FIPS provider");
103*e0c4386eSCy Schubert
104*e0c4386eSCy Schubert    ok(run(app(['openssl', 'pkey',
105*e0c4386eSCy Schubert                '-provider', 'default',
106*e0c4386eSCy Schubert                '-propquery', '?fips!=yes',
107*e0c4386eSCy Schubert                '-check', '-in', srctop_file("test", "testec-p112r1.pem")])),
108*e0c4386eSCy Schubert        "Checking non-fips curve key succeeds with non-fips property query");
109*e0c4386eSCy Schubert
110*e0c4386eSCy Schubert    delete $ENV{OPENSSL_CONF};
111*e0c4386eSCy Schubert}
112