1#! /usr/bin/env perl 2# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10use strict; 11use warnings; 12 13use File::Spec; 14use OpenSSL::Test qw/:DEFAULT srctop_file/; 15use OpenSSL::Test::Utils; 16 17setup("test_ec"); 18 19plan skip_all => 'EC is not supported in this build' if disabled('ec'); 20 21plan tests => 15; 22 23my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); 24 25require_ok(srctop_file('test','recipes','tconversion.pl')); 26 27ok(run(test(["ectest"])), "running ectest"); 28 29# TODO: remove these when the 'ec' app is removed. 30# Also consider moving this to the 20-25 test section because it is testing 31# the command line tool in addition to the algorithm. 32subtest 'EC conversions -- private key' => sub { 33 tconversion( -type => 'ec', -prefix => 'ec-priv', 34 -in => srctop_file("test","testec-p256.pem") ); 35}; 36subtest 'EC conversions -- private key PKCS#8' => sub { 37 tconversion( -type => 'ec', -prefix => 'ec-pkcs8', 38 -in => srctop_file("test","testec-p256.pem"), 39 -args => "pkey" ); 40}; 41subtest 'EC conversions -- public key' => sub { 42 tconversion( -type => 'ec', -prefix => 'ec-pub', 43 -in => srctop_file("test","testecpub-p256.pem"), 44 -args => [ "ec", "-pubin", "-pubout" ] ); 45}; 46 47subtest 'PKEY conversions -- private key' => sub { 48 tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv', 49 -in => srctop_file("test","testec-p256.pem") ); 50}; 51subtest 'PKEY conversions -- private key PKCS#8' => sub { 52 tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8', 53 -in => srctop_file("test","testec-p256.pem"), 54 -args => "pkey" ); 55}; 56subtest 'PKEY conversions -- public key' => sub { 57 tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub', 58 -in => srctop_file("test","testecpub-p256.pem"), 59 -args => [ "pkey", "-pubin", "-pubout" ] ); 60}; 61 62subtest 'Ed25519 conversions -- private key' => sub { 63 tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv", 64 -in => srctop_file("test", "tested25519.pem") ); 65}; 66subtest 'Ed25519 conversions -- private key PKCS#8' => sub { 67 tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8", 68 -in => srctop_file("test", "tested25519.pem"), 69 -args => ["pkey"] ); 70}; 71subtest 'Ed25519 conversions -- public key' => sub { 72 tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub", 73 -in => srctop_file("test", "tested25519pub.pem"), 74 -args => ["pkey", "-pubin", "-pubout"] ); 75}; 76subtest 'Ed448 conversions -- private key' => sub { 77 tconversion( -type => "pkey", -prefix => "ed448-pkey-priv", 78 -in => srctop_file("test", "tested448.pem") ); 79}; 80subtest 'Ed448 conversions -- private key PKCS#8' => sub { 81 tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8", 82 -in => srctop_file("test", "tested448.pem"), 83 -args => ["pkey"] ); 84}; 85subtest 'Ed448 conversions -- public key' => sub { 86 tconversion( -type => "pkey", -prefix => "ed448-pkey-pub", 87 -in => srctop_file("test", "tested448pub.pem"), 88 -args => ["pkey", "-pubin", "-pubout"] ); 89}; 90 91subtest 'Check loading of fips and non-fips keys' => sub { 92 plan skip_all => "FIPS is disabled" 93 if $no_fips; 94 95 plan tests => 2; 96 97 my $fipsconf = srctop_file("test", "fips-and-base.cnf"); 98 $ENV{OPENSSL_CONF} = $fipsconf; 99 100 ok(!run(app(['openssl', 'pkey', 101 '-check', '-in', srctop_file("test", "testec-p112r1.pem")])), 102 "Checking non-fips curve key fails in FIPS provider"); 103 104 ok(run(app(['openssl', 'pkey', 105 '-provider', 'default', 106 '-propquery', '?fips!=yes', 107 '-check', '-in', srctop_file("test", "testec-p112r1.pem")])), 108 "Checking non-fips curve key succeeds with non-fips property query"); 109 110 delete $ENV{OPENSSL_CONF}; 111} 112