[thirdparty/openssl.git] / test / recipes / 15-test_ecparam.t

#! /usr/bin/env perl
# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use File::Spec;
use File::Compare qw/compare_text/;
use OpenSSL::Glob;
use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;

setup("test_ecparam");

plan skip_all => "EC or EC2M isn't supported in this build"
    if disabled("ec") || disabled("ec2m");

my @valid = glob(data_file("valid", "*.pem"));
my @noncanon = glob(data_file("noncanon", "*.pem"));
my @invalid = glob(data_file("invalid", "*.pem"));

plan tests => 12;

sub checkload {
    my $files = shift; # List of files
    my $valid = shift; # Check should pass or fail?
    my $app = shift;   # Which application
    my $opt = shift;   # Additional option

    foreach (@$files) {
        if ($valid) {
            ok(run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
        } else {
            ok(!run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
        }
    }
}

sub checkcompare {
    my $files = shift; # List of files
    my $app = shift;   # Which application

    foreach (@$files) {
        my $testout = "$app.tst";

        ok(run(app(['openssl', $app, '-out', $testout, '-in', $_])));
        ok(!compare_text($_, $testout, sub {
            my $in1 = $_[0];
            my $in2 = $_[1];
            $in1 =~ s/\r\n/\n/g;
            $in2 =~ s/\r\n/\n/g;
            $in1 ne $in2}), "Original file $_ is the same as new one");
    }
}

my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

subtest "Check loading valid parameters by ecparam with -check" => sub {
    plan tests => scalar(@valid);
    checkload(\@valid, 1, "ecparam", "-check");
};

subtest "Check loading valid parameters by ecparam with -check_named" => sub {
    plan tests => scalar(@valid);
    checkload(\@valid, 1, "ecparam", "-check_named");
};

subtest "Check loading valid parameters by pkeyparam with -check" => sub {
    plan tests => scalar(@valid);
    checkload(\@valid, 1, "pkeyparam", "-check");
};

subtest "Check loading non-canonically encoded parameters by ecparam with -check" => sub {
    plan tests => scalar(@noncanon);
    checkload(\@noncanon, 1, "ecparam", "-check");
};

subtest "Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
    plan tests => scalar(@noncanon);
    checkload(\@noncanon, 1, "ecparam", "-check_named");
};

subtest "Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
    plan tests => scalar(@noncanon);
    checkload(\@noncanon, 1, "pkeyparam", "-check");
};

subtest "Check loading invalid parameters by ecparam with -check" => sub {
    plan tests => scalar(@invalid);
    checkload(\@invalid, 0, "ecparam", "-check");
};

subtest "Check loading invalid parameters by ecparam with -check_named" => sub {
    plan tests => scalar(@invalid);
    checkload(\@invalid, 0, "ecparam", "-check_named");
};

subtest "Check loading invalid parameters by pkeyparam with -check" => sub {
    plan tests => scalar(@invalid);
    checkload(\@invalid, 0, "pkeyparam", "-check");
};

subtest "Check ecparam does not change the parameter file on output" => sub {
    plan tests => 2 * scalar(@valid);
    checkcompare(\@valid, "ecparam");
};

subtest "Check pkeyparam does not change the parameter file on output" => sub {
    plan tests => 2 * scalar(@valid);
    checkcompare(\@valid, "pkeyparam");
};

subtest "Check loading of fips and non-fips params" => sub {
    plan skip_all => "FIPS is disabled"
        if $no_fips;
    plan tests => 3;

    my $fipsconf = srctop_file("test", "fips-and-base.cnf");
    my $defaultconf = srctop_file("test", "default.cnf");

    $ENV{OPENSSL_CONF} = $fipsconf;

    ok(run(app(['openssl', 'ecparam',
                '-in', data_file('valid', 'secp384r1-explicit.pem'),
                '-check'])),
       "Loading explicitly encoded valid curve");

    ok(run(app(['openssl', 'ecparam',
                '-in', data_file('valid', 'secp384r1-named.pem'),
                '-check'])),
       "Loading named valid curve");

    ok(!run(app(['openssl', 'ecparam',
                '-in', data_file('valid', 'secp112r1-named.pem'),
                '-check'])),
       "Fail loading named non-fips curve");

    $ENV{OPENSSL_CONF} = $defaultconf;
};
Commit	Line	Data
691e302b	1	#! /usr/bin/env perl
fecb3aae	2	# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
691e302b	3	#
909f1a2e	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
691e302b RL	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9
	10	use strict;
	11	use warnings;
	12
	13	use File::Spec;
7b0f64b1	14	use File::Compare qw/compare_text/;
8d2214c0	15	use OpenSSL::Glob;
269c349a	16	use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
691e302b RL	17	use OpenSSL::Test::Utils;
	18
	19	setup("test_ecparam");
	20
7b0f64b1	21	plan skip_all => "EC or EC2M isn't supported in this build"
a4750ce5	22	if disabled("ec") \|\| disabled("ec2m");
691e302b RL	23
691e302b RL	24	my @valid = glob(data_file("valid", "*.pem"));
7b0f64b1	25	my @noncanon = glob(data_file("noncanon", "*.pem"));
691e302b RL	26	my @invalid = glob(data_file("invalid", "*.pem"));
691e302b RL	27
269c349a	28	plan tests => 12;
691e302b	29
7b0f64b1 TM	30	sub checkload {
	31	my $files = shift; # List of files
	32	my $valid = shift; # Check should pass or fail?
	33	my $app = shift; # Which application
	34	my $opt = shift; # Additional option
691e302b	35
7b0f64b1 TM	36	foreach (@$files) {
	37	if ($valid) {
	38	ok(run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
	39	} else {
	40	ok(!run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
	41	}
d1eec097	42	}
7b0f64b1	43	}
d1eec097	44
7b0f64b1 TM	45	sub checkcompare {
	46	my $files = shift; # List of files
	47	my $app = shift; # Which application
d1eec097	48
7b0f64b1 TM	49	foreach (@$files) {
7b0f64b1 TM	50	my $testout = "$app.tst";
d1eec097	51
7b0f64b1	52	ok(run(app(['openssl', $app, '-out', $testout, '-in', $_])));
53d0d01f MC	53	ok(!compare_text($_, $testout, sub {
	54	my $in1 = $_[0];
	55	my $in2 = $_[1];
	56	$in1 =~ s/\r\n/\n/g;
	57	$in2 =~ s/\r\n/\n/g;
	58	$in1 ne $in2}), "Original file $_ is the same as new one");
d1eec097	59	}
8402cd5f SL	60	}
8402cd5f SL	61
269c349a TM	62	my $no_fips = disabled('fips') \|\| ($ENV{NO_FIPS} // 0);
269c349a TM	63
7b0f64b1 TM	64	subtest "Check loading valid parameters by ecparam with -check" => sub {
	65	plan tests => scalar(@valid);
	66	checkload(\@valid, 1, "ecparam", "-check");
	67	};
8402cd5f	68
7b0f64b1 TM	69	subtest "Check loading valid parameters by ecparam with -check_named" => sub {
	70	plan tests => scalar(@valid);
	71	checkload(\@valid, 1, "ecparam", "-check_named");
	72	};
	73
	74	subtest "Check loading valid parameters by pkeyparam with -check" => sub {
	75	plan tests => scalar(@valid);
	76	checkload(\@valid, 1, "pkeyparam", "-check");
	77	};
	78
	79	subtest "Check loading non-canonically encoded parameters by ecparam with -check" => sub {
	80	plan tests => scalar(@noncanon);
	81	checkload(\@noncanon, 1, "ecparam", "-check");
	82	};
	83
	84	subtest "Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
	85	plan tests => scalar(@noncanon);
	86	checkload(\@noncanon, 1, "ecparam", "-check_named");
	87	};
	88
	89	subtest "Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
	90	plan tests => scalar(@noncanon);
	91	checkload(\@noncanon, 1, "pkeyparam", "-check");
	92	};
	93
	94	subtest "Check loading invalid parameters by ecparam with -check" => sub {
	95	plan tests => scalar(@invalid);
	96	checkload(\@invalid, 0, "ecparam", "-check");
	97	};
	98
	99	subtest "Check loading invalid parameters by ecparam with -check_named" => sub {
	100	plan tests => scalar(@invalid);
	101	checkload(\@invalid, 0, "ecparam", "-check_named");
	102	};
	103
	104	subtest "Check loading invalid parameters by pkeyparam with -check" => sub {
	105	plan tests => scalar(@invalid);
	106	checkload(\@invalid, 0, "pkeyparam", "-check");
	107	};
	108
	109	subtest "Check ecparam does not change the parameter file on output" => sub {
	110	plan tests => 2 * scalar(@valid);
	111	checkcompare(\@valid, "ecparam");
	112	};
	113
	114	subtest "Check pkeyparam does not change the parameter file on output" => sub {
	115	plan tests => 2 * scalar(@valid);
	116	checkcompare(\@valid, "pkeyparam");
	117	};
269c349a TM	118
	119	subtest "Check loading of fips and non-fips params" => sub {
	120	plan skip_all => "FIPS is disabled"
	121	if $no_fips;
	122	plan tests => 3;
	123
	124	my $fipsconf = srctop_file("test", "fips-and-base.cnf");
	125	my $defaultconf = srctop_file("test", "default.cnf");
	126
	127	$ENV{OPENSSL_CONF} = $fipsconf;
	128
	129	ok(run(app(['openssl', 'ecparam',
	130	'-in', data_file('valid', 'secp384r1-explicit.pem'),
	131	'-check'])),
	132	"Loading explicitly encoded valid curve");
	133
	134	ok(run(app(['openssl', 'ecparam',
	135	'-in', data_file('valid', 'secp384r1-named.pem'),
	136	'-check'])),
	137	"Loading named valid curve");
	138
	139	ok(!run(app(['openssl', 'ecparam',
	140	'-in', data_file('valid', 'secp112r1-named.pem'),
	141	'-check'])),
	142	"Fail loading named non-fips curve");
	143
	144	$ENV{OPENSSL_CONF} = $defaultconf;
	145	};