[thirdparty/openssl.git] / test / recipes / 20-test_enc.t

#! /usr/bin/env perl
# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use File::Spec::Functions qw/catfile/;
use File::Copy;
use File::Compare qw/compare_text/;
use File::Basename;
use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;

setup("test_enc");
plan skip_all => "Deprecated functions are disabled in this OpenSSL build"
    if disabled("deprecated");

# We do it this way, because setup() may have moved us around,
# so the directory portion of $0 might not be correct any more.
# However, the name hasn't changed.
my $testsrc = srctop_file("test","recipes",basename($0));

my $test = catfile(".", "p");

my $cmd = "openssl";
my $provpath = bldtop_dir("providers");
my @prov = ("-provider-path", $provpath, "-provider", "default");
push @prov, ("-provider", "legacy") unless disabled("legacy");
my $ciphersstatus = undef;
my @ciphers =
    map { s/^\s+//; s/\s+$//; split /\s+/ }
    run(app([$cmd, "list", "-cipher-commands"]),
        capture => 1, statusvar => \$ciphersstatus);
@ciphers = grep {!/^(bf|cast|des$|des-cbc|des-cfb|des-ecb|des-ofb|desx|idea
                     |rc2|rc4|seed)/x} @ciphers
    if disabled("legacy");

plan tests => 5 + (scalar @ciphers)*2;

 SKIP: {
     skip "Problems getting ciphers...", 1 + scalar(@ciphers)
         unless ok($ciphersstatus, "Running 'openssl list -cipher-commands'");
     unless (ok(copy($testsrc, $test), "Copying $testsrc to $test")) {
         diag($!);
         skip "Not initialized, skipping...", scalar(@ciphers);
     }

     foreach my $c (@ciphers) {
         my %variant = ("$c" => [],
                        "$c base64" => [ "-a" ]);

         foreach my $t (sort keys %variant) {
             my $cipherfile = "$test.$c.cipher";
             my $clearfile = "$test.$c.clear";
             my @e = ( "$c", "-bufsize", "113", @{$variant{$t}}, "-e", "-k", "test" );
             my @d = ( "$c", "-bufsize", "157", @{$variant{$t}}, "-d", "-k", "test" );
             if ($c eq "cat") {
                 $cipherfile = "$test.cipher";
                 $clearfile = "$test.clear";
                 @e = ( "enc", @{$variant{$t}}, "-e" );
                 @d = ( "enc", @{$variant{$t}}, "-d" );
             }

             ok(run(app([$cmd, @e, @prov, "-in", $test, "-out", $cipherfile]))
                && run(app([$cmd, @d, @prov, "-in", $cipherfile, "-out", $clearfile]))
                && compare_text($test,$clearfile) == 0, $t);
         }
     }
     ok(run(app([$cmd, "enc", "-in", $test, "-aes256", "-pbkdf2", "-out",
                 "salted_default.cipher", "-pass", "pass:password"]))
        && run(app([$cmd, "enc", "-d", "-in", "salted_default.cipher", "-aes256", "-pbkdf2",
                    "-saltlen", "8", "-out", "salted_default.clear", "-pass", "pass:password"]))
        && compare_text($test,"salted_default.clear") == 0,
        "Check that the default salt length of 8 bytes is used for PKDF2");

     ok(!run(app([$cmd, "enc", "-d", "-in", "salted_default.cipher", "-aes256", "-pbkdf2",
                  "-saltlen", "16", "-out", "salted_fail.clear", "-pass", "pass:password"])),
        "Check the decrypt fails if the saltlen is incorrect");

     ok(run(app([$cmd, "enc", "-in", $test, "-aes256", "-pbkdf2", "-saltlen", "16",
                 "-out", "salted.cipher", "-pass", "pass:password"]))
        && run(app([$cmd, "enc", "-d", "-in", "salted.cipher", "-aes256", "-pbkdf2",
                    "-saltlen", "16", "-out", "salted.clear", "-pass", "pass:password"]))
        && compare_text($test,"salted.clear") == 0,
        "Check that we can still use a salt length of 16 bytes for PKDF2");

}
Commit	Line	Data
596d6b7e	1	#! /usr/bin/env perl
da1c088f	2	# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
596d6b7e	3	#
909f1a2e	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
596d6b7e RS	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
13350a0c RL	9
	10	use strict;
	11	use warnings;
	12
	13	use File::Spec::Functions qw/catfile/;
	14	use File::Copy;
	15	use File::Compare qw/compare_text/;
	16	use File::Basename;
f5056577	17	use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/;
81959b26	18	use OpenSSL::Test::Utils;
13350a0c RL	19
13350a0c RL	20	setup("test_enc");
249d5595 DB	21	plan skip_all => "Deprecated functions are disabled in this OpenSSL build"
249d5595 DB	22	if disabled("deprecated");
13350a0c RL	23
	24	# We do it this way, because setup() may have moved us around,
	25	# so the directory portion of $0 might not be correct any more.
	26	# However, the name hasn't changed.
42e0ccdf	27	my $testsrc = srctop_file("test","recipes",basename($0));
13350a0c RL	28
	29	my $test = catfile(".", "p");
	30
	31	my $cmd = "openssl";
f5056577	32	my $provpath = bldtop_dir("providers");
81959b26 MC	33	my @prov = ("-provider-path", $provpath, "-provider", "default");
81959b26 MC	34	push @prov, ("-provider", "legacy") unless disabled("legacy");
30f1c9c4	35	my $ciphersstatus = undef;
13350a0c	36	my @ciphers =
85833408	37	map { s/^\s+//; s/\s+$//; split /\s+/ }
30f1c9c4 RL	38	run(app([$cmd, "list", "-cipher-commands"]),
30f1c9c4 RL	39	capture => 1, statusvar => \$ciphersstatus);
81959b26 MC	40	@ciphers = grep {!/^(bf\|cast\|des$\|des-cbc\|des-cfb\|des-ecb\|des-ofb\|desx\|idea
	41	\|rc2\|rc4\|seed)/x} @ciphers
	42	if disabled("legacy");
13350a0c	43
e3994583	44	plan tests => 5 + (scalar @ciphers)*2;
13350a0c RL	45
13350a0c RL	46	SKIP: {
30f1c9c4 RL	47	skip "Problems getting ciphers...", 1 + scalar(@ciphers)
	48	unless ok($ciphersstatus, "Running 'openssl list -cipher-commands'");
	49	unless (ok(copy($testsrc, $test), "Copying $testsrc to $test")) {
	50	diag($!);
	51	skip "Not initialized, skipping...", scalar(@ciphers);
	52	}
13350a0c RL	53
13350a0c RL	54	foreach my $c (@ciphers) {
a0430488 P	55	my %variant = ("$c" => [],
a0430488 P	56	"$c base64" => [ "-a" ]);
13350a0c	57
a0430488 P	58	foreach my $t (sort keys %variant) {
	59	my $cipherfile = "$test.$c.cipher";
	60	my $clearfile = "$test.$c.clear";
	61	my @e = ( "$c", "-bufsize", "113", @{$variant{$t}}, "-e", "-k", "test" );
	62	my @d = ( "$c", "-bufsize", "157", @{$variant{$t}}, "-d", "-k", "test" );
	63	if ($c eq "cat") {
	64	$cipherfile = "$test.cipher";
	65	$clearfile = "$test.clear";
	66	@e = ( "enc", @{$variant{$t}}, "-e" );
	67	@d = ( "enc", @{$variant{$t}}, "-d" );
	68	}
13350a0c	69
a0430488 P	70	ok(run(app([$cmd, @e, @prov, "-in", $test, "-out", $cipherfile]))
	71	&& run(app([$cmd, @d, @prov, "-in", $cipherfile, "-out", $clearfile]))
	72	&& compare_text($test,$clearfile) == 0, $t);
	73	}
13350a0c	74	}
e3994583	75	ok(run(app([$cmd, "enc", "-in", $test, "-aes256", "-pbkdf2", "-out",
	76	"salted_default.cipher", "-pass", "pass:password"]))
	77	&& run(app([$cmd, "enc", "-d", "-in", "salted_default.cipher", "-aes256", "-pbkdf2",
	78	"-saltlen", "8", "-out", "salted_default.clear", "-pass", "pass:password"]))
	79	&& compare_text($test,"salted_default.clear") == 0,
	80	"Check that the default salt length of 8 bytes is used for PKDF2");
	81
	82	ok(!run(app([$cmd, "enc", "-d", "-in", "salted_default.cipher", "-aes256", "-pbkdf2",
	83	"-saltlen", "16", "-out", "salted_fail.clear", "-pass", "pass:password"])),
	84	"Check the decrypt fails if the saltlen is incorrect");
	85
	86	ok(run(app([$cmd, "enc", "-in", $test, "-aes256", "-pbkdf2", "-saltlen", "16",
	87	"-out", "salted.cipher", "-pass", "pass:password"]))
	88	&& run(app([$cmd, "enc", "-d", "-in", "salted.cipher", "-aes256", "-pbkdf2",
	89	"-saltlen", "16", "-out", "salted.clear", "-pass", "pass:password"]))
	90	&& compare_text($test,"salted.clear") == 0,
	91	"Check that we can still use a salt length of 16 bytes for PKDF2");
	92
13350a0c	93	}