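#! /usr/bin/env perl
# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe for EC parameter handling by the ecparam and pkeyparam apps.
# It checks that well-formed parameter files load, that malformed ones are
# refused, that re-encoding does not alter a valid file, and that a FIPS
# configuration refuses a curve the test treats as non-FIPS unless a
# property query explicitly asks for a non-FIPS implementation.

use strict;
use warnings;

use File::Spec;
use File::Compare qw/compare_text/;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;

setup("test_ecparam");

plan skip_all => "EC or EC2M isn't supported in this build"
    if disabled("ec") || disabled("ec2m");

# The three corpora of PEM parameter files shipped with the recipe.
my @valid = glob(data_file("valid", "*.pem"));
my @noncanon = glob(data_file("noncanon", "*.pem"));
my @invalid = glob(data_file("invalid", "*.pem"));

# 9 load subtests (3 corpora x 3 checkers) + 2 round-trip + 1 FIPS.
plan tests => 12;

# checkload(\@files, $valid, $app, $opt)
#
# Runs "openssl $app -noout $opt -in FILE" once per file and records one
# test result per file.
#   $files - array ref of parameter files to load
#   $valid - true if every file is expected to load, false if every file
#            is expected to be refused
#   $app   - openssl sub-command to run
#   $opt   - extra option passed to the sub-command
#
# Each result is named after the command and the file, so a malformed file
# that is unexpectedly accepted can be identified from the test output.
#
# NOTE(review): the negative case treats any unsuccessful run as a
# rejection.  Presumably that includes abnormal termination, so a crash on
# a malformed file would be reported as a pass here -- confirm against
# OpenSSL::Test::run and consider pinning the expected exit status.
sub checkload {
    my ($files, $valid, $app, $opt) = @_;

    foreach my $file (@$files) {
        my $loaded = run(app(['openssl', $app, '-noout', $opt, '-in', $file]));

        if ($valid) {
            ok($loaded, "$app $opt accepts $file");
        } else {
            ok(!$loaded, "$app $opt rejects $file");
        }
    }
}

# checkcompare(\@files, $app)
#
# For each file, runs "openssl $app -out $app.tst -in FILE" and then checks
# that the written file matches the input line by line, ignoring CRLF/LF
# differences.  Records two test results per file.
#   $files - array ref of parameter files to round-trip
#   $app   - openssl sub-command to run
sub checkcompare {
    my ($files, $app) = @_;

    # The same output file is overwritten for every input.
    my $testout = "$app.tst";

    # compare_text() callback: true when the two lines differ once line
    # endings have been normalised.
    my $lines_differ = sub {
        my ($in1, $in2) = @_;
        $in1 =~ s/\r\n/\n/g;
        $in2 =~ s/\r\n/\n/g;
        return $in1 ne $in2;
    };

    foreach my $file (@$files) {
        ok(run(app(['openssl', $app, '-out', $testout, '-in', $file])),
           "$app writes $file to $testout");
        ok(!compare_text($file, $testout, $lines_differ),
           "Original file $file is the same as new one");
    }
}

my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

# Each corpus: label used in the subtest name, the files, and whether
# loading is expected to succeed.
my @corpora = (
    [ "valid",                   \@valid,    1 ],
    [ "non-canonically encoded", \@noncanon, 1 ],
    [ "invalid",                 \@invalid,  0 ],
);

# Each checker: the openssl sub-command and the checking option it is given.
my @checkers = (
    [ "ecparam",   "-check" ],
    [ "ecparam",   "-check_named" ],
    [ "pkeyparam", "-check" ],
);

# Every corpus is run through every checker, corpus by corpus.
foreach my $corpus (@corpora) {
    my ($label, $files, $expect_ok) = @$corpus;

    foreach my $checker (@checkers) {
        my ($app, $opt) = @$checker;

        subtest "Check loading $label parameters by $app with $opt" => sub {
            plan tests => scalar(@$files);
            checkload($files, $expect_ok, $app, $opt);
        };
    }
}

# Round-trip the valid corpus through both apps.
foreach my $app ("ecparam", "pkeyparam") {
    subtest "Check $app does not change the parameter file on output" => sub {
        plan tests => 2 * scalar(@valid);
        checkcompare(\@valid, $app);
    };
}

subtest "Check loading of fips and non-fips params" => sub {
    plan skip_all => "FIPS is disabled"
        if $no_fips;
    plan tests => 8;

    my $fipsconf = srctop_file("test", "fips-and-base.cnf");
    my $defaultconf = srctop_file("test", "default.cnf");

    # Options that explicitly select the default provider and a property
    # query preferring a non-FIPS implementation.  The cases below show
    # that the refusal of secp112r1 applies only to runs that do not pass
    # such a query.
    my @nonfips_override = ('-provider', 'default',
                            '-propquery', '?fips!=yes');

    my $approved_explicit = data_file('valid', 'secp384r1-explicit.pem');
    my $approved_named = data_file('valid', 'secp384r1-named.pem');
    my $nonfips_named = data_file('valid', 'secp112r1-named.pem');

    # Everything below runs under the FIPS-and-base configuration.  The
    # variable is set to default.cnf again at the end of the subtest; it is
    # not restored if a step dies part-way through.
    $ENV{OPENSSL_CONF} = $fipsconf;

    ok(run(app(['openssl', 'ecparam',
                '-in', $approved_explicit,
                '-check'])),
       "Loading explicitly encoded valid curve");

    ok(run(app(['openssl', 'ecparam',
                '-in', $approved_named,
                '-check'])),
       "Loading named valid curve");

    ok(!run(app(['openssl', 'ecparam',
                 '-in', $nonfips_named,
                 '-check'])),
       "Fail loading named non-fips curve");

    ok(!run(app(['openssl', 'pkeyparam',
                 '-in', $nonfips_named,
                 '-check'])),
       "Fail loading named non-fips curve using pkeyparam");

    ok(run(app(['openssl', 'ecparam',
                @nonfips_override,
                '-in', $nonfips_named,
                '-check'])),
       "Loading named non-fips curve in FIPS mode with non-FIPS property".
       " query");

    ok(run(app(['openssl', 'pkeyparam',
                @nonfips_override,
                '-in', $nonfips_named,
                '-check'])),
       "Loading named non-fips curve in FIPS mode with non-FIPS property".
       " query using pkeyparam");

    ok(!run(app(['openssl', 'ecparam',
                 '-genkey', '-name', 'secp112r1'])),
       "Fail generating key for named non-fips curve");

    ok(run(app(['openssl', 'ecparam',
                @nonfips_override,
                '-genkey', '-name', 'secp112r1'])),
       "Generating key for named non-fips curve with non-FIPS property query");

    $ENV{OPENSSL_CONF} = $defaultconf;
};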