[thirdparty/openssl.git] / test / recipes / 15-test_rsaoaep.t

#! /usr/bin/env perl
# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;
use warnings;

use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
use OpenSSL::Test::Utils;
use File::Compare qw/compare_text/;

BEGIN {
    setup("test_rsaoaep");
}
use lib srctop_dir('Configurations');
use lib bldtop_dir('.');

my $no_check = disabled('fips-securitychecks');

plan tests =>
    ($no_check ? 0 : 1)         # FIPS security check
    + 9;

my @prov = ( );
my $provconf = srctop_file("test", "fips-and-base.cnf");
my $provpath = bldtop_dir("providers");
my $msg_file = data_file("plain_text");
my $enc1_file = "enc1.bin";
my $enc2_file = "enc2.bin";
my $enc3_file = "enc3.bin";
my $dec1_file = "dec1.txt";
my $dec2_file = "dec2.txt";
my $dec3_file = "dec3.txt";
my $key_file = srctop_file("test", "testrsa2048.pem");
my $small_key_file = srctop_file("test", "testrsa.pem");

$ENV{OPENSSL_TEST_LIBCTX} = "1";

unless ($no_check) {
    @prov = ( "-provider-path", $provpath, "-config", $provconf );
    ok(!run(app(['openssl', 'pkeyutl',
                 @prov,
                 '-encrypt',
                 '-in', $msg_file,
                 '-inkey', $small_key_file,
                 '-pkeyopt', 'pad-mode:oaep',
                 '-pkeyopt', 'oaep-label:123',
                 '-pkeyopt', 'digest:sha1',
                 '-pkeyopt', 'mgf1-digest:sha1',
                 '-out', $enc1_file])),
       "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
}

ok(run(app(['openssl', 'pkeyutl',
            @prov,
            '-encrypt',
            '-in', $msg_file,
            '-inkey', $key_file,
            '-pkeyopt', 'pad-mode:oaep',
            '-pkeyopt', 'oaep-label:123',
            '-pkeyopt', 'digest:sha1',
            '-pkeyopt', 'mgf1-digest:sha1',
            '-out', $enc1_file])),
   "RSA OAEP Encryption");

ok(!run(app(['openssl', 'pkeyutl',
             @prov,
             '-encrypt',
             '-in', $key_file,
             '-inkey', $key_file,
             '-pkeyopt', 'pad-mode:oaep',
             '-pkeyopt', 'oaep-label:123',
             '-pkeyopt', 'digest:sha256',
             '-pkeyopt', 'mgf1-digest:sha1'])),
   "RSA OAEP Encryption should fail if the message is larger than the rsa modulus");

ok(run(app(['openssl', 'pkeyutl',
            @prov,
            '-decrypt',
            '-inkey', $key_file,
            '-pkeyopt', 'pad-mode:oaep',
            '-pkeyopt', 'oaep-label:123',
            '-pkeyopt', 'digest:sha1',
            '-pkeyopt', 'mgf1-digest:sha1',
            '-in', $enc1_file,
            '-out', $dec1_file]))
    && compare_text($dec1_file, $msg_file) == 0,
    "RSA OAEP Decryption");

ok(!run(app(['openssl', 'pkeyutl',
             @prov,
             '-decrypt',
             '-inkey', $key_file,
             '-pkeyopt', 'pad-mode:oaep',
             '-pkeyopt', 'oaep-label:123',
             '-pkeyopt', 'digest:sha256',
             '-pkeyopt', 'mgf1-digest:sha224',
             '-in', $enc1_file])),
    "Incorrect digest for RSA OAEP Decryption");

ok(!run(app(['openssl', 'pkeyutl',
             @prov,
             '-decrypt',
             '-inkey', $key_file,
             '-pkeyopt', 'pad-mode:oaep',
             '-pkeyopt', 'oaep-label:123',
             '-pkeyopt', 'digest:sha1',
             '-pkeyopt', 'mgf1-digest:sha224',
             '-in', $enc1_file])),
    "Incorrect mgf1-digest for RSA OAEP Decryption");

ok(run(app(['openssl', 'pkeyutl',
            @prov,
            '-encrypt',
            '-in', $msg_file,
            '-inkey', $key_file,
            '-pkeyopt', 'pad-mode:oaep',
            '-pkeyopt', 'oaep-label:123',
            '-pkeyopt', 'digest:sha1',
            '-pkeyopt', 'mgf1-digest:sha1',
            '-out', $enc2_file]))
    && compare_text($enc2_file, $enc1_file) != 0,
   "RSA OAEP Encryption should generate different encrypted data");

ok(run(app(['openssl', 'pkeyutl',
            @prov,
            '-decrypt',
            '-inkey', $key_file,
            '-pkeyopt', 'pad-mode:oaep',
            '-pkeyopt', 'oaep-label:123',
            '-in', $enc2_file,
            '-out', $dec2_file]))
    && compare_text($dec2_file, $msg_file) == 0,
    "RSA OAEP Decryption with default digests");

ok(run(app(['openssl', 'pkeyutl',
            @prov,
            '-encrypt',
            '-in', $msg_file,
            '-inkey', $key_file,
            '-pkeyopt', 'pad-mode:oaep',
            '-pkeyopt', 'oaep-label:123',
            '-out', $enc3_file])),
   "RSA OAEP Encryption with default digests");

ok(run(app(['openssl', 'pkeyutl',
            @prov,
            '-decrypt',
            '-inkey', $key_file,
            '-pkeyopt', 'pad-mode:oaep',
            '-pkeyopt', 'oaep-label:123',
            '-pkeyopt', 'digest:sha1',
            '-pkeyopt', 'mgf1-digest:sha1',
            '-in', $enc3_file,
            '-out', $dec3_file]))
    && compare_text($dec3_file, $msg_file) == 0,
    "RSA OAEP Decryption with explicit default digests");
Commit	Line	Data
ae89578b	1	#! /usr/bin/env perl
8020d79b	2	# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
ae89578b SL	3	#
	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
	9	use strict;
	10	use warnings;
	11
	12	use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
	13	use OpenSSL::Test::Utils;
	14	use File::Compare qw/compare_text/;
	15
	16	BEGIN {
	17	setup("test_rsaoaep");
	18	}
	19	use lib srctop_dir('Configurations');
	20	use lib bldtop_dir('.');
ae89578b	21
7a810fac	22	my $no_check = disabled('fips-securitychecks');
ae89578b SL	23
ae89578b SL	24	plan tests =>
e25b4db7	25	($no_check ? 0 : 1) # FIPS security check
ae89578b SL	26	+ 9;
	27
	28	my @prov = ( );
7192e4df	29	my $provconf = srctop_file("test", "fips-and-base.cnf");
ae89578b SL	30	my $provpath = bldtop_dir("providers");
	31	my $msg_file = data_file("plain_text");
	32	my $enc1_file = "enc1.bin";
	33	my $enc2_file = "enc2.bin";
	34	my $enc3_file = "enc3.bin";
	35	my $dec1_file = "dec1.txt";
	36	my $dec2_file = "dec2.txt";
	37	my $dec3_file = "dec3.txt";
8d17cca5 SL	38	my $key_file = srctop_file("test", "testrsa2048.pem");
8d17cca5 SL	39	my $small_key_file = srctop_file("test", "testrsa.pem");
ae89578b	40
e25b4db7	41	$ENV{OPENSSL_TEST_LIBCTX} = "1";
8d17cca5	42
e25b4db7 RL	43	unless ($no_check) {
	44	@prov = ( "-provider-path", $provpath, "-config", $provconf );
	45	ok(!run(app(['openssl', 'pkeyutl',
	46	@prov,
	47	'-encrypt',
	48	'-in', $msg_file,
	49	'-inkey', $small_key_file,
	50	'-pkeyopt', 'pad-mode:oaep',
	51	'-pkeyopt', 'oaep-label:123',
	52	'-pkeyopt', 'digest:sha1',
	53	'-pkeyopt', 'mgf1-digest:sha1',
	54	'-out', $enc1_file])),
	55	"RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
ae89578b SL	56	}
	57
	58	ok(run(app(['openssl', 'pkeyutl',
	59	@prov,
	60	'-encrypt',
	61	'-in', $msg_file,
	62	'-inkey', $key_file,
	63	'-pkeyopt', 'pad-mode:oaep',
	64	'-pkeyopt', 'oaep-label:123',
	65	'-pkeyopt', 'digest:sha1',
	66	'-pkeyopt', 'mgf1-digest:sha1',
	67	'-out', $enc1_file])),
	68	"RSA OAEP Encryption");
	69
	70	ok(!run(app(['openssl', 'pkeyutl',
	71	@prov,
	72	'-encrypt',
	73	'-in', $key_file,
	74	'-inkey', $key_file,
	75	'-pkeyopt', 'pad-mode:oaep',
	76	'-pkeyopt', 'oaep-label:123',
	77	'-pkeyopt', 'digest:sha256',
	78	'-pkeyopt', 'mgf1-digest:sha1'])),
	79	"RSA OAEP Encryption should fail if the message is larger than the rsa modulus");
	80
	81	ok(run(app(['openssl', 'pkeyutl',
	82	@prov,
	83	'-decrypt',
	84	'-inkey', $key_file,
	85	'-pkeyopt', 'pad-mode:oaep',
	86	'-pkeyopt', 'oaep-label:123',
	87	'-pkeyopt', 'digest:sha1',
	88	'-pkeyopt', 'mgf1-digest:sha1',
	89	'-in', $enc1_file,
	90	'-out', $dec1_file]))
	91	&& compare_text($dec1_file, $msg_file) == 0,
	92	"RSA OAEP Decryption");
	93
	94	ok(!run(app(['openssl', 'pkeyutl',
	95	@prov,
	96	'-decrypt',
	97	'-inkey', $key_file,
	98	'-pkeyopt', 'pad-mode:oaep',
	99	'-pkeyopt', 'oaep-label:123',
	100	'-pkeyopt', 'digest:sha256',
	101	'-pkeyopt', 'mgf1-digest:sha224',
	102	'-in', $enc1_file])),
	103	"Incorrect digest for RSA OAEP Decryption");
	104
	105	ok(!run(app(['openssl', 'pkeyutl',
	106	@prov,
	107	'-decrypt',
	108	'-inkey', $key_file,
	109	'-pkeyopt', 'pad-mode:oaep',
	110	'-pkeyopt', 'oaep-label:123',
	111	'-pkeyopt', 'digest:sha1',
	112	'-pkeyopt', 'mgf1-digest:sha224',
	113	'-in', $enc1_file])),
	114	"Incorrect mgf1-digest for RSA OAEP Decryption");
	115
	116	ok(run(app(['openssl', 'pkeyutl',
	117	@prov,
	118	'-encrypt',
	119	'-in', $msg_file,
120	'-inkey', $key_file,
121	'-pkeyopt', 'pad-mode:oaep',
122	'-pkeyopt', 'oaep-label:123',
123	'-pkeyopt', 'digest:sha1',
124	'-pkeyopt', 'mgf1-digest:sha1',
125	'-out', $enc2_file]))
126	&& compare_text($enc2_file, $enc1_file) != 0,
127	"RSA OAEP Encryption should generate different encrypted data");
128
129	ok(run(app(['openssl', 'pkeyutl',
130	@prov,
131	'-decrypt',
132	'-inkey', $key_file,
133	'-pkeyopt', 'pad-mode:oaep',
134	'-pkeyopt', 'oaep-label:123',
135	'-in', $enc2_file,
136	'-out', $dec2_file]))
137	&& compare_text($dec2_file, $msg_file) == 0,
138	"RSA OAEP Decryption with default digests");
139
140	ok(run(app(['openssl', 'pkeyutl',
141	@prov,
142	'-encrypt',
143	'-in', $msg_file,
144	'-inkey', $key_file,
145	'-pkeyopt', 'pad-mode:oaep',
146	'-pkeyopt', 'oaep-label:123',
147	'-out', $enc3_file])),
148	"RSA OAEP Encryption with default digests");
149
150	ok(run(app(['openssl', 'pkeyutl',
151	@prov,
152	'-decrypt',
153	'-inkey', $key_file,
154	'-pkeyopt', 'pad-mode:oaep',
155	'-pkeyopt', 'oaep-label:123',
156	'-pkeyopt', 'digest:sha1',
157	'-pkeyopt', 'mgf1-digest:sha1',
158	'-in', $enc3_file,
159	'-out', $dec3_file]))
160	&& compare_text($dec3_file, $msg_file) == 0,
161	"RSA OAEP Decryption with explicit default digests");