]>
Commit | Line | Data |
---|---|---|
ae89578b | 1 | #! /usr/bin/env perl |
8020d79b | 2 | # Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. |
ae89578b SL |
3 | # |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | use strict; | |
10 | use warnings; | |
11 | ||
12 | use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file); | |
13 | use OpenSSL::Test::Utils; | |
14 | use File::Compare qw/compare_text/; | |
15 | ||
16 | BEGIN { | |
17 | setup("test_rsaoaep"); | |
18 | } | |
19 | use lib srctop_dir('Configurations'); | |
20 | use lib bldtop_dir('.'); | |
ae89578b | 21 | |
7a810fac | 22 | my $no_check = disabled('fips-securitychecks'); |
ae89578b SL |
23 | |
24 | plan tests => | |
e25b4db7 | 25 | ($no_check ? 0 : 1) # FIPS security check |
ae89578b SL |
26 | + 9; |
27 | ||
28 | my @prov = ( ); | |
7192e4df | 29 | my $provconf = srctop_file("test", "fips-and-base.cnf"); |
ae89578b SL |
30 | my $provpath = bldtop_dir("providers"); |
31 | my $msg_file = data_file("plain_text"); | |
32 | my $enc1_file = "enc1.bin"; | |
33 | my $enc2_file = "enc2.bin"; | |
34 | my $enc3_file = "enc3.bin"; | |
35 | my $dec1_file = "dec1.txt"; | |
36 | my $dec2_file = "dec2.txt"; | |
37 | my $dec3_file = "dec3.txt"; | |
8d17cca5 SL |
38 | my $key_file = srctop_file("test", "testrsa2048.pem"); |
39 | my $small_key_file = srctop_file("test", "testrsa.pem"); | |
ae89578b | 40 | |
e25b4db7 | 41 | $ENV{OPENSSL_TEST_LIBCTX} = "1"; |
8d17cca5 | 42 | |
e25b4db7 RL |
43 | unless ($no_check) { |
44 | @prov = ( "-provider-path", $provpath, "-config", $provconf ); | |
45 | ok(!run(app(['openssl', 'pkeyutl', | |
46 | @prov, | |
47 | '-encrypt', | |
48 | '-in', $msg_file, | |
49 | '-inkey', $small_key_file, | |
50 | '-pkeyopt', 'pad-mode:oaep', | |
51 | '-pkeyopt', 'oaep-label:123', | |
52 | '-pkeyopt', 'digest:sha1', | |
53 | '-pkeyopt', 'mgf1-digest:sha1', | |
54 | '-out', $enc1_file])), | |
55 | "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail"); | |
ae89578b SL |
56 | } |
57 | ||
58 | ok(run(app(['openssl', 'pkeyutl', | |
59 | @prov, | |
60 | '-encrypt', | |
61 | '-in', $msg_file, | |
62 | '-inkey', $key_file, | |
63 | '-pkeyopt', 'pad-mode:oaep', | |
64 | '-pkeyopt', 'oaep-label:123', | |
65 | '-pkeyopt', 'digest:sha1', | |
66 | '-pkeyopt', 'mgf1-digest:sha1', | |
67 | '-out', $enc1_file])), | |
68 | "RSA OAEP Encryption"); | |
69 | ||
70 | ok(!run(app(['openssl', 'pkeyutl', | |
71 | @prov, | |
72 | '-encrypt', | |
73 | '-in', $key_file, | |
74 | '-inkey', $key_file, | |
75 | '-pkeyopt', 'pad-mode:oaep', | |
76 | '-pkeyopt', 'oaep-label:123', | |
77 | '-pkeyopt', 'digest:sha256', | |
78 | '-pkeyopt', 'mgf1-digest:sha1'])), | |
79 | "RSA OAEP Encryption should fail if the message is larger than the rsa modulus"); | |
80 | ||
81 | ok(run(app(['openssl', 'pkeyutl', | |
82 | @prov, | |
83 | '-decrypt', | |
84 | '-inkey', $key_file, | |
85 | '-pkeyopt', 'pad-mode:oaep', | |
86 | '-pkeyopt', 'oaep-label:123', | |
87 | '-pkeyopt', 'digest:sha1', | |
88 | '-pkeyopt', 'mgf1-digest:sha1', | |
89 | '-in', $enc1_file, | |
90 | '-out', $dec1_file])) | |
91 | && compare_text($dec1_file, $msg_file) == 0, | |
92 | "RSA OAEP Decryption"); | |
93 | ||
94 | ok(!run(app(['openssl', 'pkeyutl', | |
95 | @prov, | |
96 | '-decrypt', | |
97 | '-inkey', $key_file, | |
98 | '-pkeyopt', 'pad-mode:oaep', | |
99 | '-pkeyopt', 'oaep-label:123', | |
100 | '-pkeyopt', 'digest:sha256', | |
101 | '-pkeyopt', 'mgf1-digest:sha224', | |
102 | '-in', $enc1_file])), | |
103 | "Incorrect digest for RSA OAEP Decryption"); | |
104 | ||
105 | ok(!run(app(['openssl', 'pkeyutl', | |
106 | @prov, | |
107 | '-decrypt', | |
108 | '-inkey', $key_file, | |
109 | '-pkeyopt', 'pad-mode:oaep', | |
110 | '-pkeyopt', 'oaep-label:123', | |
111 | '-pkeyopt', 'digest:sha1', | |
112 | '-pkeyopt', 'mgf1-digest:sha224', | |
113 | '-in', $enc1_file])), | |
114 | "Incorrect mgf1-digest for RSA OAEP Decryption"); | |
115 | ||
116 | ok(run(app(['openssl', 'pkeyutl', | |
117 | @prov, | |
118 | '-encrypt', | |
119 | '-in', $msg_file, | |
120 | '-inkey', $key_file, | |
121 | '-pkeyopt', 'pad-mode:oaep', | |
122 | '-pkeyopt', 'oaep-label:123', | |
123 | '-pkeyopt', 'digest:sha1', | |
124 | '-pkeyopt', 'mgf1-digest:sha1', | |
125 | '-out', $enc2_file])) | |
126 | && compare_text($enc2_file, $enc1_file) != 0, | |
127 | "RSA OAEP Encryption should generate different encrypted data"); | |
128 | ||
129 | ok(run(app(['openssl', 'pkeyutl', | |
130 | @prov, | |
131 | '-decrypt', | |
132 | '-inkey', $key_file, | |
133 | '-pkeyopt', 'pad-mode:oaep', | |
134 | '-pkeyopt', 'oaep-label:123', | |
135 | '-in', $enc2_file, | |
136 | '-out', $dec2_file])) | |
137 | && compare_text($dec2_file, $msg_file) == 0, | |
138 | "RSA OAEP Decryption with default digests"); | |
139 | ||
140 | ok(run(app(['openssl', 'pkeyutl', | |
141 | @prov, | |
142 | '-encrypt', | |
143 | '-in', $msg_file, | |
144 | '-inkey', $key_file, | |
145 | '-pkeyopt', 'pad-mode:oaep', | |
146 | '-pkeyopt', 'oaep-label:123', | |
147 | '-out', $enc3_file])), | |
148 | "RSA OAEP Encryption with default digests"); | |
149 | ||
150 | ok(run(app(['openssl', 'pkeyutl', | |
151 | @prov, | |
152 | '-decrypt', | |
153 | '-inkey', $key_file, | |
154 | '-pkeyopt', 'pad-mode:oaep', | |
155 | '-pkeyopt', 'oaep-label:123', | |
156 | '-pkeyopt', 'digest:sha1', | |
157 | '-pkeyopt', 'mgf1-digest:sha1', | |
158 | '-in', $enc3_file, | |
159 | '-out', $dec3_file])) | |
160 | && compare_text($dec3_file, $msg_file) == 0, | |
161 | "RSA OAEP Decryption with explicit default digests"); |