xref: /freebsd/crypto/openssl/test/recipes/15-test_ec.t (revision 24e4dcf4ba5e9dedcf89efd358ea3e1fe5867020) 
1#! /usr/bin/env perl
2# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use File::Spec;
14use OpenSSL::Test qw/:DEFAULT srctop_file/;
15use OpenSSL::Test::Utils;
16
17setup("test_ec");
18
19plan skip_all => 'EC is not supported in this build' if disabled('ec');
20
21plan tests => 16;
22
23my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
24
25require_ok(srctop_file('test','recipes','tconversion.pl'));
26
27ok(run(test(["ectest"])), "running ectest");
28
29# TODO: remove these when the 'ec' app is removed.
30# Also consider moving this to the 20-25 test section because it is testing
31# the command line tool in addition to the algorithm.
32subtest 'EC conversions -- private key' => sub {
33    tconversion( -type => 'ec', -prefix => 'ec-priv',
34                 -in => srctop_file("test","testec-p256.pem") );
35};
36
37SKIP: {
38    skip "SM2 is not supported by this OpenSSL build", 1
39        if disabled("sm2");
40    subtest 'EC conversions -- private key' => sub {
41        tconversion( -type => 'ec', -prefix => 'sm2-priv',
42                     -in => srctop_file("test","testec-sm2.pem") );
43    };
44}
45
46subtest 'EC conversions -- private key PKCS#8' => sub {
47    tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
48                 -in => srctop_file("test","testec-p256.pem"),
49                 -args => "pkey" );
50};
51subtest 'EC conversions -- public key' => sub {
52    tconversion( -type => 'ec', -prefix => 'ec-pub',
53                 -in => srctop_file("test","testecpub-p256.pem"),
54                 -args => [ "ec", "-pubin", "-pubout" ] );
55};
56
57subtest 'PKEY conversions -- private key' => sub {
58    tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv',
59                 -in => srctop_file("test","testec-p256.pem") );
60};
61subtest 'PKEY conversions -- private key PKCS#8' => sub {
62    tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8',
63                 -in => srctop_file("test","testec-p256.pem"),
64                 -args => "pkey" );
65};
66subtest 'PKEY conversions -- public key' => sub {
67    tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub',
68                 -in => srctop_file("test","testecpub-p256.pem"),
69                 -args => [ "pkey", "-pubin", "-pubout" ] );
70};
71
72SKIP: {
73    skip "ECX is not supported by this OpenSSL build", 6
74        if disabled("ecx");
75    subtest 'Ed25519 conversions -- private key' => sub {
76        tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv",
77                     -in => srctop_file("test", "tested25519.pem") );
78    };
79    subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
80        tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8",
81                     -in => srctop_file("test", "tested25519.pem"),
82                     -args => ["pkey"] );
83    };
84    subtest 'Ed25519 conversions -- public key' => sub {
85        tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub",
86                     -in => srctop_file("test", "tested25519pub.pem"),
87                     -args => ["pkey", "-pubin", "-pubout"] );
88    };
89    subtest 'Ed448 conversions -- private key' => sub {
90        tconversion( -type => "pkey", -prefix => "ed448-pkey-priv",
91                     -in => srctop_file("test", "tested448.pem") );
92    };
93    subtest 'Ed448 conversions -- private key PKCS#8' => sub {
94        tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8",
95                     -in => srctop_file("test", "tested448.pem"),
96                     -args => ["pkey"] );
97    };
98    subtest 'Ed448 conversions -- public key' => sub {
99        tconversion( -type => "pkey", -prefix => "ed448-pkey-pub",
100                     -in => srctop_file("test", "tested448pub.pem"),
101                     -args => ["pkey", "-pubin", "-pubout"] );
102    };
103}
104
105subtest 'Check loading of fips and non-fips keys' => sub {
106    plan skip_all => "FIPS is disabled"
107        if $no_fips;
108
109    plan tests => 2;
110
111    my $fipsconf = srctop_file("test", "fips-and-base.cnf");
112    $ENV{OPENSSL_CONF} = $fipsconf;
113
114    ok(!run(app(['openssl', 'pkey',
115                 '-check', '-in', srctop_file("test", "testec-p112r1.pem")])),
116        "Checking non-fips curve key fails in FIPS provider");
117
118    ok(run(app(['openssl', 'pkey',
119                '-provider', 'default',
120                '-propquery', '?fips!=yes',
121                '-check', '-in', srctop_file("test", "testec-p112r1.pem")])),
122        "Checking non-fips curve key succeeds with non-fips property query");
123
124    delete $ENV{OPENSSL_CONF};
125}
126