test/recipes/15-test_rsaoaep.t

   1 #! /usr/bin/env perl
   2 # Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9 use strict;
  10 use warnings;
  11
  12 use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
  13 use OpenSSL::Test::Utils;
  14 use File::Compare qw/compare_text/;
  15
  16 BEGIN {
  17     setup("test_rsaoaep");
  18 }
  19 use lib srctop_dir('Configurations');
  20 use lib bldtop_dir('.');
  21 use platform;
  22
  23 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
  24
  25 plan tests =>
  26     ($no_fips ? 0 : 1)          # FIPS install test
  27     + 9;
  28
  29 my @prov = ( );
  30 my $provconf = srctop_file("test", "fips.cnf");
  31 my $provpath = bldtop_dir("providers");
  32 my $msg_file = data_file("plain_text");
  33 my $enc1_file = "enc1.bin";
  34 my $enc2_file = "enc2.bin";
  35 my $enc3_file = "enc3.bin";
  36 my $dec1_file = "dec1.txt";
  37 my $dec2_file = "dec2.txt";
  38 my $dec3_file = "dec3.txt";
  39 my $key_file = srctop_file("test", "testrsa.pem");
  40
  41 unless ($no_fips) {
  42     @prov = ( "-provider_path", $provpath, "-config", $provconf );
  43     my $infile = bldtop_file('providers', platform->dso('fips'));
  44
  45     ok(run(app(['openssl', 'fipsinstall',
  46                 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
  47                 '-module', $infile])),
  48        "fipsinstall");
  49     $ENV{OPENSSL_TEST_LIBCTX} = "1";
  50 }
  51
  52 ok(run(app(['openssl', 'pkeyutl',
  53             @prov,
  54             '-encrypt',
  55             '-in', $msg_file,
  56             '-inkey', $key_file,
  57             '-pkeyopt', 'pad-mode:oaep',
  58             '-pkeyopt', 'oaep-label:123',
  59             '-pkeyopt', 'digest:sha1',
  60             '-pkeyopt', 'mgf1-digest:sha1',
  61             '-out', $enc1_file])),
  62    "RSA OAEP Encryption");
  63
  64 ok(!run(app(['openssl', 'pkeyutl',
  65              @prov,
  66              '-encrypt',
  67              '-in', $key_file,
  68              '-inkey', $key_file,
  69              '-pkeyopt', 'pad-mode:oaep',
  70              '-pkeyopt', 'oaep-label:123',
  71              '-pkeyopt', 'digest:sha256',
  72              '-pkeyopt', 'mgf1-digest:sha1'])),
  73    "RSA OAEP Encryption should fail if the message is larger than the rsa modulus");
  74
  75 ok(run(app(['openssl', 'pkeyutl',
  76             @prov,
  77             '-decrypt',
  78             '-inkey', $key_file,
  79             '-pkeyopt', 'pad-mode:oaep',
  80             '-pkeyopt', 'oaep-label:123',
  81             '-pkeyopt', 'digest:sha1',
  82             '-pkeyopt', 'mgf1-digest:sha1',
  83             '-in', $enc1_file,
  84             '-out', $dec1_file]))
  85     && compare_text($dec1_file, $msg_file) == 0,
  86     "RSA OAEP Decryption");
  87
  88 ok(!run(app(['openssl', 'pkeyutl',
  89              @prov,
  90              '-decrypt',
  91              '-inkey', $key_file,
  92              '-pkeyopt', 'pad-mode:oaep',
  93              '-pkeyopt', 'oaep-label:123',
  94              '-pkeyopt', 'digest:sha256',
  95              '-pkeyopt', 'mgf1-digest:sha224',
  96              '-in', $enc1_file])),
  97     "Incorrect digest for RSA OAEP Decryption");
  98
  99 ok(!run(app(['openssl', 'pkeyutl',
 100              @prov,
 101              '-decrypt',
 102              '-inkey', $key_file,
 103              '-pkeyopt', 'pad-mode:oaep',
 104              '-pkeyopt', 'oaep-label:123',
 105              '-pkeyopt', 'digest:sha1',
 106              '-pkeyopt', 'mgf1-digest:sha224',
 107              '-in', $enc1_file])),
 108     "Incorrect mgf1-digest for RSA OAEP Decryption");
 109
 110 ok(run(app(['openssl', 'pkeyutl',
 111             @prov,
 112             '-encrypt',
 113             '-in', $msg_file,
 114             '-inkey', $key_file,
 115             '-pkeyopt', 'pad-mode:oaep',
 116             '-pkeyopt', 'oaep-label:123',
 117             '-pkeyopt', 'digest:sha1',
 118             '-pkeyopt', 'mgf1-digest:sha1',
 119             '-out', $enc2_file]))
 120     && compare_text($enc2_file, $enc1_file) != 0,
 121    "RSA OAEP Encryption should generate different encrypted data");
 122
 123 ok(run(app(['openssl', 'pkeyutl',
 124             @prov,
 125             '-decrypt',
 126             '-inkey', $key_file,
 127             '-pkeyopt', 'pad-mode:oaep',
 128             '-pkeyopt', 'oaep-label:123',
 129             '-in', $enc2_file,
 130             '-out', $dec2_file]))
 131     && compare_text($dec2_file, $msg_file) == 0,
 132     "RSA OAEP Decryption with default digests");
 133
 134 ok(run(app(['openssl', 'pkeyutl',
 135             @prov,
 136             '-encrypt',
 137             '-in', $msg_file,
 138             '-inkey', $key_file,
 139             '-pkeyopt', 'pad-mode:oaep',
 140             '-pkeyopt', 'oaep-label:123',
 141             '-out', $enc3_file])),
 142    "RSA OAEP Encryption with default digests");
 143
 144 ok(run(app(['openssl', 'pkeyutl',
 145             @prov,
 146             '-decrypt',
 147             '-inkey', $key_file,
 148             '-pkeyopt', 'pad-mode:oaep',
 149             '-pkeyopt', 'oaep-label:123',
 150             '-pkeyopt', 'digest:sha1',
 151             '-pkeyopt', 'mgf1-digest:sha1',
 152             '-in', $enc3_file,
 153             '-out', $dec3_file]))
 154     && compare_text($dec3_file, $msg_file) == 0,
 155     "RSA OAEP Decryption with explicit default digests");