xref: /freebsd/crypto/openssl/test/recipes/15-test_ecparam.t (revision 4b15965daa99044daf184221b7c283bf7f2d7e66)
1#! /usr/bin/env perl
2# Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use File::Spec;
14use File::Copy;
15use File::Compare qw/compare_text compare/;
16use OpenSSL::Glob;
17use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
18use OpenSSL::Test::Utils;
19
setup("test_ecparam");

# Every check in this recipe feeds EC parameter files to the openssl apps,
# so nothing is worth running when EC or binary-field EC is compiled out.
plan skip_all => "EC or EC2M isn't supported in this build"
    if disabled("ec") || disabled("ec2m");

# Test vectors, grouped by the outcome the loaders are expected to produce:
#   valid    - must load and pass the parameter checks
#   noncanon - non-canonically encoded, but must still be accepted
#   invalid  - must be rejected
my @valid    = glob(data_file("valid",    "*.pem"));
my @noncanon = glob(data_file("noncanon", "*.pem"));
my @invalid  = glob(data_file("invalid",  "*.pem"));

# Without SM2 support the sm2-* vectors cannot load; only @valid is filtered.
@valid = grep { $_ !~ /sm2-.*\.pem/ } @valid
    if disabled("sm2");

# 9 load subtests + 2 round-trip subtests + 1 in-place subtest
# + 1 FIPS subtest + 1 plain -list_curves check.
plan tests => 14;
34
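# checkload(\@files, $valid, $app, $opt)
#
# Runs "openssl $app -noout $opt -in FILE" once per file and records exactly
# one test result per file.
#
#   $files - array ref of parameter file paths
#   $valid - true: the command must succeed; false: the command must fail
#   $app   - openssl sub-command to run
#   $opt   - additional option, placed before -in
#
# Each result carries a description naming the app, option and file, so a
# failing vector (in particular an invalid file that was unexpectedly
# accepted) can be identified straight from the TAP output.
#
# NOTE(review): the negative case only asserts that the command did not
# succeed.  Any other failure (unreadable file, unrecognised option) also
# satisfies it, so a pass is not by itself proof that the parameter check
# rejected the file.
sub checkload {
    my ($files, $valid, $app, $opt) = @_;

    foreach my $file (@$files) {
        # Scalar context on purpose: only the success flag is wanted.
        my $loaded = run(app(['openssl', $app, '-noout', $opt, '-in', $file]));

        if ($valid) {
            ok($loaded, "$app $opt accepts $file");
        } else {
            ok(!$loaded, "$app $opt rejects $file");
        }
    }
}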
49
# checkcompare(\@files, $app)
#
# For every file, rewrites it with "openssl $app -in FILE -out $app.tst" and
# checks that the output text equals the input.  Records two test results per
# file: the command succeeded, and the two files compare equal.
#
#   $files - array ref of parameter file paths
#   $app   - openssl sub-command to run
#
# The output name depends only on $app, so each iteration overwrites the
# previous one and the last output is left behind when the sub returns.
sub checkcompare {
    my ($files, $app) = @_;

    my $testout = "$app.tst";

    # Line comparator handed to compare_text(): a true result means the two
    # lines differ.  CRLF is folded to LF on both sides so that line-ending
    # differences alone do not count as a change.
    my $lines_differ = sub {
        my ($orig_line, $new_line) = @_;
        s/\r\n/\n/g for $orig_line, $new_line;
        return $orig_line ne $new_line;
    };

    for my $file (@$files) {
        ok(run(app(['openssl', $app, '-out', $testout, '-in', $file])));

        # compare_text() is 0 only when the files match; a difference or an
        # error (e.g. a missing output file) is non-zero and fails the test.
        ok(!compare_text($file, $testout, $lines_differ),
           "Original file $file is the same as new one");
    }
}
66
# check_identical(\@apps)
#
# For every app, passes the same path ("<app>.tst") as both -in and -out and
# checks that the file content is unchanged afterwards.  Records two test
# results per app.
#
#   $apps - array ref of openssl sub-command names
#
# "<app>.tst" is not created here; it must already exist in the working
# directory when this sub is called.
sub check_identical {
    my ($apps) = @_;

    my $backup = "backup.tst";

    for my $app (@$apps) {
        my $inout = "$app.tst";

        # Snapshot the file before the app overwrites it.  The result of
        # copy() is not checked here; a failed copy shows up as a failure of
        # the compare() test below, since compare() is non-zero on error.
        copy($inout, $backup);

        ok(run(app(['openssl', $app, '-in', $inout, '-out', $inout])));
        ok(!compare($inout, $backup), "converted file $inout did not change");
    }
}
79
# FIPS checks are skipped when the build has no FIPS support or when the
# caller sets NO_FIPS in the environment.
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

# Load matrix: each class of test vector is run through the same three
# app/option pairs.  Valid and non-canonical files must be accepted, invalid
# files must be rejected.
my @load_classes = (
    # label used in the subtest name,  files,      must load?
    [ "valid",                         \@valid,    1 ],
    [ "non-canonically encoded",       \@noncanon, 1 ],
    [ "invalid",                       \@invalid,  0 ],
);
my @load_modes = (
    [ "ecparam",   "-check" ],
    [ "ecparam",   "-check_named" ],
    [ "pkeyparam", "-check" ],
);

foreach my $class (@load_classes) {
    my ($label, $files, $must_load) = @$class;

    foreach my $mode (@load_modes) {
        my ($app, $opt) = @$mode;

        subtest "Check loading $label parameters by $app with $opt" => sub {
            # One result per file.
            plan tests => scalar(@$files);
            checkload($files, $must_load, $app, $opt);
        };
    }
}
126
my @apps = ("ecparam", "pkeyparam");

# Round trip: reading a valid parameter file and writing it back out must
# reproduce the original text.  Two results per file (run + compare).
foreach my $app (@apps) {
    subtest "Check $app does not change the parameter file on output" => sub {
        plan tests => 2 * scalar(@valid);
        checkcompare(\@valid, $app);
    };
}

# In-place conversion: using one path for both -in and -out must not corrupt
# the file.  This operates on the "<app>.tst" files left in the working
# directory by the round-trip subtests above.
subtest "Check param apps do not garble infile identical to outfile" => sub {
    plan tests => 2 * scalar(@apps);
    check_identical(\@apps);
};
142
# With the FIPS configuration active, secp384r1 must load, while secp112r1
# (treated by these tests as a non-FIPS curve) must be refused both for
# loading and for key generation.  It may only be used when the default
# provider is loaded explicitly together with the '?fips!=yes' property
# query.
#
# NOTE(review): the four "Fail ..." checks assert only that the command did
# not succeed; they do not inspect why it failed.
subtest "Check loading of fips and non-fips params" => sub {
    plan skip_all => "FIPS is disabled"
        if $no_fips;
    plan tests => 8;

    my $fipsconf    = srctop_file("test", "fips-and-base.cnf");
    my $defaultconf = srctop_file("test", "default.cnf");

    # Process-wide switch: every openssl command started below inherits it.
    $ENV{OPENSSL_CONF} = $fipsconf;

    my $p384_explicit = data_file('valid', 'secp384r1-explicit.pem');
    my $p384_named    = data_file('valid', 'secp384r1-named.pem');
    my $p112_named    = data_file('valid', 'secp112r1-named.pem');

    # Options that opt a single command out of the FIPS implementation.
    my @non_fips = ('-provider', 'default', '-propquery', '?fips!=yes');

    ok(run(app(['openssl', 'ecparam', '-in', $p384_explicit, '-check'])),
       "Loading explicitly encoded valid curve");

    ok(run(app(['openssl', 'ecparam', '-in', $p384_named, '-check'])),
       "Loading named valid curve");

    ok(!run(app(['openssl', 'ecparam', '-in', $p112_named, '-check'])),
       "Fail loading named non-fips curve");

    ok(!run(app(['openssl', 'pkeyparam', '-in', $p112_named, '-check'])),
       "Fail loading named non-fips curve using pkeyparam");

    ok(run(app(['openssl', 'ecparam', @non_fips,
                '-in', $p112_named, '-check'])),
       "Loading named non-fips curve in FIPS mode with non-FIPS property".
       " query");

    ok(run(app(['openssl', 'pkeyparam', @non_fips,
                '-in', $p112_named, '-check'])),
       "Loading named non-fips curve in FIPS mode with non-FIPS property".
       " query using pkeyparam");

    ok(!run(app(['openssl', 'ecparam', '-genkey', '-name', 'secp112r1'])),
       "Fail generating key for named non-fips curve");

    ok(run(app(['openssl', 'ecparam', @non_fips,
                '-genkey', '-name', 'secp112r1'])),
       "Generating key for named non-fips curve with non-FIPS property query");

    # Leaves the default configuration in force for whatever runs next.  This
    # is an assignment, not a restore of the value seen on entry, and it is
    # not reached if the subtest dies part-way through.
    $ENV{OPENSSL_CONF} = $defaultconf;
};
201
# Smoke test: listing the supported curves must exit successfully.  The
# output itself is not examined.
my @list_curves_cmd = ('openssl', 'ecparam', '-list_curves');
ok(run(app(\@list_curves_cmd)), "Test -list_curves");
203