[thirdparty/openssl.git] / test / recipes / 15-test_genec.t

#! /usr/bin/env perl
# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use File::Spec;
use OpenSSL::Test qw/:DEFAULT srctop_file/;
use OpenSSL::Test::Utils;

# 'supported' and 'unsupported' reflect the current state of things.  In
# Test::More terms, 'supported' works exactly like ok(run(whatever)), while
# 'unsupported' wraps that in a TODO: { } block.
#
# The first argument is the test name (this becomes the last argument to
# 'ok')
# The remaining argument are passed unchecked to 'run'.

# 1:    the result of app() or similar, i.e. something you can pass to
sub supported_pass {
    my $str = shift;

    ok(run(@_), $str);
}

sub supported_fail {
    my $str = shift;

    ok(!run(@_), $str);
}

setup("test_genec");

plan skip_all => "This test is unsupported in a no-ec build"
    if disabled("ec");

my @prime_curves = qw(
    secp112r1
    secp112r2
    secp128r1
    secp128r2
    secp160k1
    secp160r1
    secp160r2
    secp192k1
    secp224k1
    secp224r1
    secp256k1
    secp384r1
    secp521r1
    prime192v1
    prime192v2
    prime192v3
    prime239v1
    prime239v2
    prime239v3
    prime256v1
    wap-wsg-idm-ecid-wtls6
    wap-wsg-idm-ecid-wtls7
    wap-wsg-idm-ecid-wtls8
    wap-wsg-idm-ecid-wtls9
    wap-wsg-idm-ecid-wtls12
    brainpoolP160r1
    brainpoolP160t1
    brainpoolP192r1
    brainpoolP192t1
    brainpoolP224r1
    brainpoolP224t1
    brainpoolP256r1
    brainpoolP256t1
    brainpoolP320r1
    brainpoolP320t1
    brainpoolP384r1
    brainpoolP384t1
    brainpoolP512r1
    brainpoolP512t1
);

my @binary_curves = qw(
    sect113r1
    sect113r2
    sect131r1
    sect131r2
    sect163k1
    sect163r1
    sect163r2
    sect193r1
    sect193r2
    sect233k1
    sect233r1
    sect239k1
    sect283k1
    sect283r1
    sect409k1
    sect409r1
    sect571k1
    sect571r1
    c2pnb163v1
    c2pnb163v2
    c2pnb163v3
    c2pnb176v1
    c2tnb191v1
    c2tnb191v2
    c2tnb191v3
    c2pnb208w1
    c2tnb239v1
    c2tnb239v2
    c2tnb239v3
    c2pnb272w1
    c2pnb304w1
    c2tnb359v1
    c2pnb368w1
    c2tnb431r1
    wap-wsg-idm-ecid-wtls1
    wap-wsg-idm-ecid-wtls3
    wap-wsg-idm-ecid-wtls4
    wap-wsg-idm-ecid-wtls5
    wap-wsg-idm-ecid-wtls10
    wap-wsg-idm-ecid-wtls11
);

my @explicit_only_curves = ();
push(@explicit_only_curves, qw(
        Oakley-EC2N-3
        Oakley-EC2N-4
    )) if !disabled("ec2m");

my @other_curves = ();
push(@other_curves, 'SM2')
    if !disabled("sm2");

my @curve_aliases = qw(
    P-192
    P-224
    P-256
    P-384
    P-521
);
push(@curve_aliases, qw(
    B-163
    B-233
    B-283
    B-409
    B-571
    K-163
    K-233
    K-283
    K-409
    K-571
)) if !disabled("ec2m");

my @curve_list = ();
push(@curve_list, @prime_curves);
push(@curve_list, @binary_curves)
    if !disabled("ec2m");
push(@curve_list, @other_curves);
push(@curve_list, @curve_aliases);

my %params_encodings =
    (
     'named_curve'      => \&supported_pass,
     'explicit'         => \&supported_pass
    );

my @output_formats = ('PEM', 'DER');

plan tests => scalar(@curve_list) * scalar(keys %params_encodings)
    * (1 + scalar(@output_formats)) # Try listed @output_formats and text output
    * 2                             # Test generating parameters and keys
    + 1                             # Checking that with no curve it fails
    + 1                             # Checking that with unknown curve it fails
    + 1                             # Subtest for explicit only curves
    + 1                             # base serializer test
    ;

ok(!run(app([ 'openssl', 'genpkey',
              '-algorithm', 'EC'])),
   "genpkey EC with no params should fail");

ok(!run(app([ 'openssl', 'genpkey',
              '-algorithm', 'EC',
              '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])),
   "genpkey EC with unknown curve name should fail");

ok(run(app([ 'openssl', 'genpkey',
             '-provider-path', 'providers',
             '-provider', 'base',
             '-config', srctop_file("test", "default.cnf"),
             '-algorithm', 'EC',
             '-pkeyopt', 'ec_paramgen_curve:prime256v1',
             '-text'])),
    "generate a private key and serialize it using the base provider");

foreach my $curvename (@curve_list) {
    foreach my $paramenc (sort keys %params_encodings) {
        my $fn = $params_encodings{$paramenc};

        # --- Test generating parameters ---

        $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)",
              app([ 'openssl', 'genpkey', '-genparam',
                    '-algorithm', 'EC',
                    '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                    '-pkeyopt', 'ec_param_enc:'.$paramenc,
                    '-text']));

        foreach my $outform (@output_formats) {
            my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
            $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
                  app([ 'openssl', 'genpkey', '-genparam',
                        '-algorithm', 'EC',
                        '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                        '-pkeyopt', 'ec_param_enc:'.$paramenc,
                        '-outform', $outform,
                        '-out', $outfile]));
        }

        # --- Test generating actual keys ---

        $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)",
              app([ 'openssl', 'genpkey',
                    '-algorithm', 'EC',
                    '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                    '-pkeyopt', 'ec_param_enc:'.$paramenc,
                    '-text']));

        foreach my $outform (@output_formats) {
            my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
            my $outpubfile = "ecgen.${curvename}.${paramenc}-pub." . lc $outform;
            $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
                  app([ 'openssl', 'genpkey',
                        '-algorithm', 'EC',
                        '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                        '-pkeyopt', 'ec_param_enc:'.$paramenc,
                        '-outform', $outform,
                        '-out', $outfile,
                        '-outpubkey', $outpubfile]));
        }
    }
}

subtest "test curves that only support explicit parameters encoding" => sub {
    plan skip_all => "This test is unsupported under current configuration"
            if scalar(@explicit_only_curves) <= 0;

    plan tests => scalar(@explicit_only_curves) * scalar(keys %params_encodings)
        * (1 + scalar(@output_formats)) # Try listed @output_formats and text output
        * 2                             # Test generating parameters and keys
        ;

    my %params_encodings =
        (
         'named_curve'      => \&supported_fail,
         'explicit'         => \&supported_pass
        );

    foreach my $curvename (@explicit_only_curves) {
        foreach my $paramenc (sort keys %params_encodings) {
            my $fn = $params_encodings{$paramenc};

            # --- Test generating parameters ---

            $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)",
                  app([ 'openssl', 'genpkey', '-genparam',
                        '-algorithm', 'EC',
                        '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                        '-pkeyopt', 'ec_param_enc:'.$paramenc,
                        '-text']));

            foreach my $outform (@output_formats) {
                my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
                $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
                      app([ 'openssl', 'genpkey', '-genparam',
                            '-algorithm', 'EC',
                            '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                            '-pkeyopt', 'ec_param_enc:'.$paramenc,
                            '-outform', $outform,
                            '-out', $outfile]));
            }

            # --- Test generating actual keys ---

            $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)",
                  app([ 'openssl', 'genpkey',
                        '-algorithm', 'EC',
                        '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                        '-pkeyopt', 'ec_param_enc:'.$paramenc,
                        '-text']));

            foreach my $outform (@output_formats) {
                my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
                $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
                      app([ 'openssl', 'genpkey',
                            '-algorithm', 'EC',
                            '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                            '-pkeyopt', 'ec_param_enc:'.$paramenc,
                            '-outform', $outform,
                            '-out', $outfile]));
            }
        }
    }
};
Commit	Line	Data
0c2bddb7	1	#! /usr/bin/env perl
556009c5	2	# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
0c2bddb7 NT	3	#
	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9
	10	use strict;
	11	use warnings;
	12
	13	use File::Spec;
	14	use OpenSSL::Test qw/:DEFAULT srctop_file/;
	15	use OpenSSL::Test::Utils;
	16
c65b1d02 RL	17	# 'supported' and 'unsupported' reflect the current state of things. In
	18	# Test::More terms, 'supported' works exactly like ok(run(whatever)), while
	19	# 'unsupported' wraps that in a TODO: { } block.
	20	#
	21	# The first argument is the test name (this becomes the last argument to
	22	# 'ok')
	23	# The remaining argument are passed unchecked to 'run'.
	24
	25	# 1: the result of app() or similar, i.e. something you can pass to
1c9761d0	26	sub supported_pass {
c65b1d02 RL	27	my $str = shift;
	28
	29	ok(run(@_), $str);
	30	}
	31
1c9761d0 NT	32	sub supported_fail {
	33	my $str = shift;
	34
	35	ok(!run(@_), $str);
	36	}
	37
0c2bddb7 NT	38	setup("test_genec");
	39
	40	plan skip_all => "This test is unsupported in a no-ec build"
	41	if disabled("ec");
	42
	43	my @prime_curves = qw(
	44	secp112r1
	45	secp112r2
	46	secp128r1
	47	secp128r2
	48	secp160k1
	49	secp160r1
	50	secp160r2
	51	secp192k1
	52	secp224k1
	53	secp224r1
	54	secp256k1
	55	secp384r1
	56	secp521r1
	57	prime192v1
	58	prime192v2
	59	prime192v3
	60	prime239v1
	61	prime239v2
	62	prime239v3
	63	prime256v1
	64	wap-wsg-idm-ecid-wtls6
	65	wap-wsg-idm-ecid-wtls7
	66	wap-wsg-idm-ecid-wtls8
	67	wap-wsg-idm-ecid-wtls9
	68	wap-wsg-idm-ecid-wtls12
	69	brainpoolP160r1
	70	brainpoolP160t1
	71	brainpoolP192r1
	72	brainpoolP192t1
	73	brainpoolP224r1
	74	brainpoolP224t1
	75	brainpoolP256r1
	76	brainpoolP256t1
	77	brainpoolP320r1
	78	brainpoolP320t1
	79	brainpoolP384r1
	80	brainpoolP384t1
	81	brainpoolP512r1
	82	brainpoolP512t1
	83	);
	84
	85	my @binary_curves = qw(
	86	sect113r1
	87	sect113r2
	88	sect131r1
	89	sect131r2
	90	sect163k1
	91	sect163r1
	92	sect163r2
	93	sect193r1
	94	sect193r2
	95	sect233k1
	96	sect233r1
	97	sect239k1
	98	sect283k1
	99	sect283r1
	100	sect409k1
	101	sect409r1
102	sect571k1
103	sect571r1
104	c2pnb163v1
105	c2pnb163v2
106	c2pnb163v3
107	c2pnb176v1
108	c2tnb191v1
109	c2tnb191v2
110	c2tnb191v3
111	c2pnb208w1
112	c2tnb239v1
113	c2tnb239v2
114	c2tnb239v3
115	c2pnb272w1
116	c2pnb304w1
117	c2tnb359v1
118	c2pnb368w1
119	c2tnb431r1
120	wap-wsg-idm-ecid-wtls1
121	wap-wsg-idm-ecid-wtls3
122	wap-wsg-idm-ecid-wtls4
123	wap-wsg-idm-ecid-wtls5
124	wap-wsg-idm-ecid-wtls10
125	wap-wsg-idm-ecid-wtls11
0c2bddb7 NT	126	);
0c2bddb7 NT	127
1c9761d0 NT	128	my @explicit_only_curves = ();
	129	push(@explicit_only_curves, qw(
	130	Oakley-EC2N-3
	131	Oakley-EC2N-4
	132	)) if !disabled("ec2m");
	133
0c2bddb7 NT	134	my @other_curves = ();
	135	push(@other_curves, 'SM2')
	136	if !disabled("sm2");
	137
	138	my @curve_aliases = qw(
	139	P-192
	140	P-224
	141	P-256
	142	P-384
	143	P-521
	144	);
	145	push(@curve_aliases, qw(
	146	B-163
	147	B-233
	148	B-283
	149	B-409
	150	B-571
	151	K-163
	152	K-233
	153	K-283
	154	K-409
	155	K-571
	156	)) if !disabled("ec2m");
	157
	158	my @curve_list = ();
	159	push(@curve_list, @prime_curves);
	160	push(@curve_list, @binary_curves)
	161	if !disabled("ec2m");
	162	push(@curve_list, @other_curves);
	163	push(@curve_list, @curve_aliases);
	164
c65b1d02 RL	165	my %params_encodings =
c65b1d02 RL	166	(
1c9761d0	167	'named_curve' => \&supported_pass,
c0f39ded	168	'explicit' => \&supported_pass
c65b1d02	169	);
0c2bddb7 NT	170
	171	my @output_formats = ('PEM', 'DER');
	172
c65b1d02	173	plan tests => scalar(@curve_list) * scalar(keys %params_encodings)
0c2bddb7	174	* (1 + scalar(@output_formats)) # Try listed @output_formats and text output
1c9761d0	175	* 2 # Test generating parameters and keys
0c2bddb7 NT	176	+ 1 # Checking that with no curve it fails
0c2bddb7 NT	177	+ 1 # Checking that with unknown curve it fails
1c9761d0	178	+ 1 # Subtest for explicit only curves
be63e587	179	+ 1 # base serializer test
0c2bddb7 NT	180	;
0c2bddb7 NT	181
1c9761d0 NT	182	ok(!run(app([ 'openssl', 'genpkey',
	183	'-algorithm', 'EC'])),
	184	"genpkey EC with no params should fail");
	185
	186	ok(!run(app([ 'openssl', 'genpkey',
	187	'-algorithm', 'EC',
	188	'-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])),
	189	"genpkey EC with unknown curve name should fail");
	190
be63e587 SL	191	ok(run(app([ 'openssl', 'genpkey',
	192	'-provider-path', 'providers',
	193	'-provider', 'base',
	194	'-config', srctop_file("test", "default.cnf"),
	195	'-algorithm', 'EC',
	196	'-pkeyopt', 'ec_paramgen_curve:prime256v1',
	197	'-text'])),
	198	"generate a private key and serialize it using the base provider");
	199
0c2bddb7	200	foreach my $curvename (@curve_list) {
c65b1d02 RL	201	foreach my $paramenc (sort keys %params_encodings) {
c65b1d02 RL	202	my $fn = $params_encodings{$paramenc};
1c9761d0 NT	203
	204	# --- Test generating parameters ---
	205
c65b1d02	206	$fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)",
1c9761d0	207	app([ 'openssl', 'genpkey', '-genparam',
c65b1d02 RL	208	'-algorithm', 'EC',
	209	'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
	210	'-pkeyopt', 'ec_param_enc:'.$paramenc,
	211	'-text']));
0c2bddb7 NT	212
	213	foreach my $outform (@output_formats) {
	214	my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
c65b1d02 RL	215	$fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
	216	app([ 'openssl', 'genpkey', '-genparam',
	217	'-algorithm', 'EC',
	218	'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
	219	'-pkeyopt', 'ec_param_enc:'.$paramenc,
	220	'-outform', $outform,
	221	'-out', $outfile]));
	222	}
1c9761d0 NT	223
	224	# --- Test generating actual keys ---
	225
	226	$fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)",
	227	app([ 'openssl', 'genpkey',
	228	'-algorithm', 'EC',
	229	'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
	230	'-pkeyopt', 'ec_param_enc:'.$paramenc,
	231	'-text']));
	232
	233	foreach my $outform (@output_formats) {
	234	my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
6c03fa21	235	my $outpubfile = "ecgen.${curvename}.${paramenc}-pub." . lc $outform;
1c9761d0 NT	236	$fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
	237	app([ 'openssl', 'genpkey',
	238	'-algorithm', 'EC',
	239	'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
	240	'-pkeyopt', 'ec_param_enc:'.$paramenc,
	241	'-outform', $outform,
6c03fa21 MB	242	'-out', $outfile,
6c03fa21 MB	243	'-outpubkey', $outpubfile]));
1c9761d0	244	}
0c2bddb7 NT	245	}
	246	}
	247
1c9761d0 NT	248	subtest "test curves that only support explicit parameters encoding" => sub {
	249	plan skip_all => "This test is unsupported under current configuration"
	250	if scalar(@explicit_only_curves) <= 0;
0c2bddb7	251
1c9761d0 NT	252	plan tests => scalar(@explicit_only_curves) * scalar(keys %params_encodings)
	253	* (1 + scalar(@output_formats)) # Try listed @output_formats and text output
	254	* 2 # Test generating parameters and keys
	255	;
	256
	257	my %params_encodings =
	258	(
	259	'named_curve' => \&supported_fail,
c0f39ded	260	'explicit' => \&supported_pass
1c9761d0 NT	261	);
	262
	263	foreach my $curvename (@explicit_only_curves) {
	264	foreach my $paramenc (sort keys %params_encodings) {
	265	my $fn = $params_encodings{$paramenc};
	266
	267	# --- Test generating parameters ---
	268
	269	$fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)",
	270	app([ 'openssl', 'genpkey', '-genparam',
	271	'-algorithm', 'EC',
	272	'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
	273	'-pkeyopt', 'ec_param_enc:'.$paramenc,
	274	'-text']));
	275
	276	foreach my $outform (@output_formats) {
	277	my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
	278	$fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
	279	app([ 'openssl', 'genpkey', '-genparam',
	280	'-algorithm', 'EC',
	281	'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
	282	'-pkeyopt', 'ec_param_enc:'.$paramenc,
	283	'-outform', $outform,
	284	'-out', $outfile]));
	285	}
	286
	287	# --- Test generating actual keys ---
	288
	289	$fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)",
	290	app([ 'openssl', 'genpkey',
	291	'-algorithm', 'EC',
	292	'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
	293	'-pkeyopt', 'ec_param_enc:'.$paramenc,
	294	'-text']));
	295
	296	foreach my $outform (@output_formats) {
	297	my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
	298	$fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
	299	app([ 'openssl', 'genpkey',
	300	'-algorithm', 'EC',
	301	'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
	302	'-pkeyopt', 'ec_param_enc:'.$paramenc,
	303	'-outform', $outform,
	304	'-out', $outfile]));
	305	}
	306	}
	307	}
	308	};