[thirdparty/openssl.git] / test / recipes / 30-test_evp.t

#! /usr/bin/env perl
# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
use OpenSSL::Test::Utils;

BEGIN {
    setup("test_evp");
}

use lib srctop_dir('Configurations');
use lib bldtop_dir('.');

my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
my $no_des = disabled("des");
my $no_dh = disabled("dh");
my $no_dsa = disabled("dsa");
my $no_ec = disabled("ec");
my $no_ecx = disabled("ecx");
my $no_ec2m = disabled("ec2m");
my $no_sm2 = disabled("sm2");
my $no_siv = disabled("siv");
my $no_argon2 = disabled("argon2");

# Default config depends on if the legacy module is built or not
my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';

my @configs = ( $defaultcnf );
# Only add the FIPS config if the FIPS module has been built
push @configs, 'fips-and-base.cnf' unless $no_fips;

# A list of tests that run with both the default and fips provider.
my @files = qw(
                evpciph_aes_ccm_cavs.txt
                evpciph_aes_common.txt
                evpciph_aes_cts.txt
                evpciph_aes_wrap.txt
                evpciph_aes_stitched.txt
                evpciph_des3_common.txt
                evpkdf_hkdf.txt
                evpkdf_kbkdf_counter.txt
                evpkdf_kbkdf_kmac.txt
                evpkdf_pbkdf1.txt
                evpkdf_pbkdf2.txt
                evpkdf_ss.txt
                evpkdf_ssh.txt
                evpkdf_tls12_prf.txt
                evpkdf_tls13_kdf.txt
                evpkdf_x942.txt
                evpkdf_x963.txt
                evpmac_common.txt
                evpmd_sha.txt
                evppbe_pbkdf2.txt
                evppkey_kdf_hkdf.txt
                evppkey_rsa_common.txt
                evprand.txt
              );
push @files, qw(
                evppkey_ffdhe.txt
                evppkey_dh.txt
               ) unless $no_dh;
push @files, qw(
                evpkdf_x942_des.txt
                evpmac_cmac_des.txt
               ) unless $no_des;
push @files, qw(evppkey_dsa.txt) unless $no_dsa;
push @files, qw(
                evppkey_ecx.txt
                evppkey_mismatch_ecx.txt
               ) unless $no_ecx;
push @files, qw(
                evppkey_ecc.txt
                evppkey_ecdh.txt
                evppkey_ecdsa.txt
                evppkey_kas.txt
                evppkey_mismatch.txt
               ) unless $no_ec;

# A list of tests that only run with the default provider
# (i.e. The algorithms are not present in the fips provider)
my @defltfiles = qw(
                     evpciph_aes_ocb.txt
                     evpciph_aria.txt 
                     evpciph_bf.txt
                     evpciph_camellia.txt
                     evpciph_camellia_cts.txt
                     evpciph_cast5.txt
                     evpciph_chacha.txt
                     evpciph_des.txt
                     evpciph_idea.txt
                     evpciph_rc2.txt
                     evpciph_rc4.txt
                     evpciph_rc4_stitched.txt
                     evpciph_rc5.txt
                     evpciph_seed.txt
                     evpciph_sm4.txt
                     evpencod.txt
                     evpkdf_krb5.txt
                     evpkdf_scrypt.txt
                     evpkdf_tls11_prf.txt
                     evpkdf_hmac_drbg.txt
                     evpmac_blake.txt
                     evpmac_poly1305.txt
                     evpmac_siphash.txt
                     evpmac_sm3.txt
                     evpmd_blake.txt
                     evpmd_md.txt
                     evpmd_mdc2.txt
                     evpmd_ripemd.txt
                     evpmd_sm3.txt
                     evpmd_whirlpool.txt
                     evppbe_scrypt.txt
                     evppbe_pkcs12.txt
                     evppkey_kdf_scrypt.txt
                     evppkey_kdf_tls1_prf.txt
                     evppkey_rsa.txt
                    );
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2;

plan tests =>
    + (scalar(@configs) * scalar(@files))
    + scalar(@defltfiles)
    + 3; # error output tests

foreach (@configs) {
    my $conf = srctop_file("test", $_);

    foreach my $f ( @files ) {
        ok(run(test(["evp_test",
                     "-config", $conf,
                     data_file("$f")])),
           "running evp_test -config $conf $f");
    }
}

my $conf = srctop_file("test", $defaultcnf);
foreach my $f ( @defltfiles ) {
    ok(run(test(["evp_test",
                 "-config", $conf,
                 data_file("$f")])),
       "running evp_test -config $conf $f");
}

# test_errors OPTIONS
#
# OPTIONS may include:
#
# key      => "filename"        # expected to be found in $SRCDIR/test/certs
# out      => "filename"        # file to write error strings to
# args     => [ ... extra openssl pkey args ... ]
# expected => regexps to match error lines against
sub test_errors { # actually tests diagnostics of OSSL_STORE
    my %opts = @_;
    my $infile = srctop_file('test', 'certs', $opts{key});
    my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
    my $res = !run(app([@args], stderr => $opts{out}));
    my $found = !exists $opts{expected};
    open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}";
    while(my $errline = <$in>) {
        print $errline; # this may help debugging

        # output must not include ASN.1 parse errors
        $res &&= $errline !~ m/asn1 encoding/;
        # output must include what is expressed in $opts{$expected}
        $found = 1
            if exists $opts{expected} && $errline =~ m/$opts{expected}/;
    }
    close $in;
    # $tmpfile is kept to help with investigation in case of failure
    return $res && $found;
}

SKIP: {
    skip "DSA not disabled", 2 if !disabled("dsa");

    ok(test_errors(key => 'server-dsa-key.pem',
                   out => 'server-dsa-key.err'),
       "expected error loading unsupported dsa private key");
    ok(test_errors(key => 'server-dsa-pubkey.pem',
                   out => 'server-dsa-pubkey.err',
                   args => [ '-pubin' ],
                   expected => 'unsupported'),
       "expected error loading unsupported dsa public key");
}

SKIP: {
    skip "SM2 not disabled", 1 if !disabled("sm2");

    ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
       "expected error loading unsupported sm2 private key");
}
Commit	Line	Data
596d6b7e	1	#! /usr/bin/env perl
8020d79b	2	# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
596d6b7e	3	#
909f1a2e	4	# Licensed under the Apache License 2.0 (the "License"). You may not use
596d6b7e RS	5	# this file except in compliance with the License. You can obtain a copy
	6	# in the file LICENSE in the source distribution or at
	7	# https://www.openssl.org/source/license.html
	8
4fb35f8f RL	9
	10	use strict;
	11	use warnings;
	12
7bb82f92	13	use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
23ccf13d	14	use OpenSSL::Test::Utils;
4fb35f8f	15
7bb82f92	16	BEGIN {
5ccada09	17	setup("test_evp");
7bb82f92 SL	18	}
	19
	20	use lib srctop_dir('Configurations');
	21	use lib bldtop_dir('.');
4fb35f8f	22
e0d952fc RL	23	my $no_fips = disabled('fips') \|\| ($ENV{NO_FIPS} // 0);
e0d952fc RL	24	my $no_legacy = disabled('legacy') \|\| ($ENV{NO_LEGACY} // 0);
45e72d1f	25	my $no_des = disabled("des");
5e26c339 DDO	26	my $no_dh = disabled("dh");
	27	my $no_dsa = disabled("dsa");
	28	my $no_ec = disabled("ec");
4032cd9a	29	my $no_ecx = disabled("ecx");
6b3d2875	30	my $no_ec2m = disabled("ec2m");
5e26c339	31	my $no_sm2 = disabled("sm2");
0113ec84	32	my $no_siv = disabled("siv");
6dfa998f	33	my $no_argon2 = disabled("argon2");
e0d952fc	34
23ccf13d	35	# Default config depends on if the legacy module is built or not
e0d952fc	36	my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
23ccf13d RL	37
	38	my @configs = ( $defaultcnf );
	39	# Only add the FIPS config if the FIPS module has been built
7192e4df	40	push @configs, 'fips-and-base.cnf' unless $no_fips;
23ccf13d	41
5ccada09 SL	42	# A list of tests that run with both the default and fips provider.
	43	my @files = qw(
	44	evpciph_aes_ccm_cavs.txt
	45	evpciph_aes_common.txt
3dafbd44	46	evpciph_aes_cts.txt
8ea761bf	47	evpciph_aes_wrap.txt
f53c079f	48	evpciph_aes_stitched.txt
c69cf38e	49	evpciph_des3_common.txt
5ccada09	50	evpkdf_hkdf.txt
0e9a265e	51	evpkdf_kbkdf_counter.txt
211c47ca	52	evpkdf_kbkdf_kmac.txt
0f183675	53	evpkdf_pbkdf1.txt
5ccada09 SL	54	evpkdf_pbkdf2.txt
	55	evpkdf_ss.txt
	56	evpkdf_ssh.txt
	57	evpkdf_tls12_prf.txt
d209fc6c	58	evpkdf_tls13_kdf.txt
89cccbea	59	evpkdf_x942.txt
5ccada09 SL	60	evpkdf_x963.txt
	61	evpmac_common.txt
	62	evpmd_sha.txt
	63	evppbe_pbkdf2.txt
5e26c339 DDO	64	evppkey_kdf_hkdf.txt
	65	evppkey_rsa_common.txt
	66	evprand.txt
	67	);
46eee710 SL	68	push @files, qw(
	69	evppkey_ffdhe.txt
	70	evppkey_dh.txt
	71	) unless $no_dh;
45e72d1f P	72	push @files, qw(
45e72d1f P	73	evpkdf_x942_des.txt
c69cf38e	74	evpmac_cmac_des.txt
45e72d1f	75	) unless $no_des;
5e26c339	76	push @files, qw(evppkey_dsa.txt) unless $no_dsa;
4032cd9a YL	77	push @files, qw(
	78	evppkey_ecx.txt
	79	evppkey_mismatch_ecx.txt
	80	) unless $no_ecx;
5e26c339	81	push @files, qw(
96b92410 RL	82	evppkey_ecc.txt
96b92410 RL	83	evppkey_ecdh.txt
5ccada09	84	evppkey_ecdsa.txt
5ccada09	85	evppkey_kas.txt
5ccada09	86	evppkey_mismatch.txt
9ba4f489	87	) unless $no_ec;
5ccada09 SL	88
	89	# A list of tests that only run with the default provider
	90	# (i.e. The algorithms are not present in the fips provider)
	91	my @defltfiles = qw(
5ccada09	92	evpciph_aes_ocb.txt
5ccada09 SL	93	evpciph_aria.txt
	94	evpciph_bf.txt
	95	evpciph_camellia.txt
7f5a9399	96	evpciph_camellia_cts.txt
5ccada09 SL	97	evpciph_cast5.txt
	98	evpciph_chacha.txt
	99	evpciph_des.txt
	100	evpciph_idea.txt
	101	evpciph_rc2.txt
	102	evpciph_rc4.txt
f53c079f	103	evpciph_rc4_stitched.txt
5ccada09 SL	104	evpciph_rc5.txt
	105	evpciph_seed.txt
	106	evpciph_sm4.txt
	107	evpencod.txt
	108	evpkdf_krb5.txt
	109	evpkdf_scrypt.txt
	110	evpkdf_tls11_prf.txt
f3090fc7	111	evpkdf_hmac_drbg.txt
5ccada09 SL	112	evpmac_blake.txt
	113	evpmac_poly1305.txt
	114	evpmac_siphash.txt
0648ec1c	115	evpmac_sm3.txt
5ccada09 SL	116	evpmd_blake.txt
	117	evpmd_md.txt
	118	evpmd_mdc2.txt
	119	evpmd_ripemd.txt
	120	evpmd_sm3.txt
	121	evpmd_whirlpool.txt
	122	evppbe_scrypt.txt
0e53cd52	123	evppbe_pkcs12.txt
5ccada09 SL	124	evppkey_kdf_scrypt.txt
5ccada09 SL	125	evppkey_kdf_tls1_prf.txt
3f699197	126	evppkey_rsa.txt
5ccada09	127	);
5e26c339	128	push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
6b3d2875	129	push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
6b3d2875	130	push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
5e26c339	131	push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
a5ad0158	132	push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
0113ec84	133	push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
6dfa998f	134	push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2;
ed5cb177	135
e0d952fc	136	plan tests =>
e0d952fc	137	+ (scalar(@configs) * scalar(@files))
66066e1b DDO	138	+ scalar(@defltfiles)
66066e1b DDO	139	+ 3; # error output tests
e0d952fc	140
e2f72313	141	foreach (@configs) {
5ccada09	142	my $conf = srctop_file("test", $_);
e2f72313 RL	143
e2f72313 RL	144	foreach my $f ( @files ) {
5ccada09 SL	145	ok(run(test(["evp_test",
	146	"-config", $conf,
	147	data_file("$f")])),
	148	"running evp_test -config $conf $f");
e2f72313	149	}
6b7b3433	150	}
f305ecda	151
5ccada09	152	my $conf = srctop_file("test", $defaultcnf);
f305ecda	153	foreach my $f ( @defltfiles ) {
5ccada09 SL	154	ok(run(test(["evp_test",
	155	"-config", $conf,
	156	data_file("$f")])),
	157	"running evp_test -config $conf $f");
f305ecda	158	}
66066e1b	159
55d9ccca RL	160	# test_errors OPTIONS
	161	#
	162	# OPTIONS may include:
	163	#
	164	# key => "filename" # expected to be found in $SRCDIR/test/certs
	165	# out => "filename" # file to write error strings to
	166	# args => [ ... extra openssl pkey args ... ]
	167	# expected => regexps to match error lines against
66066e1b	168	sub test_errors { # actually tests diagnostics of OSSL_STORE
55d9ccca RL	169	my %opts = @_;
	170	my $infile = srctop_file('test', 'certs', $opts{key});
	171	my @args = ( qw(openssl pkey -in), $infile, @{$opts{args} // []} );
	172	my $res = !run(app([@args], stderr => $opts{out}));
	173	my $found = !exists $opts{expected};
	174	open(my $in, '<', $opts{out}) or die "Could not open file $opts{out}";
	175	while(my $errline = <$in>) {
	176	print $errline; # this may help debugging
	177
	178	# output must not include ASN.1 parse errors
	179	$res &&= $errline !~ m/asn1 encoding/;
	180	# output must include what is expressed in $opts{$expected}
	181	$found = 1
	182	if exists $opts{expected} && $errline =~ m/$opts{expected}/;
66066e1b DDO	183	}
	184	close $in;
	185	# $tmpfile is kept to help with investigation in case of failure
	186	return $res && $found;
	187	}
	188
	189	SKIP: {
	190	skip "DSA not disabled", 2 if !disabled("dsa");
	191
55d9ccca RL	192	ok(test_errors(key => 'server-dsa-key.pem',
	193	out => 'server-dsa-key.err'),
	194	"expected error loading unsupported dsa private key");
	195	ok(test_errors(key => 'server-dsa-pubkey.pem',
	196	out => 'server-dsa-pubkey.err',
	197	args => [ '-pubin' ],
7aef2000	198	expected => 'unsupported'),
55d9ccca	199	"expected error loading unsupported dsa public key");
66066e1b DDO	200	}
	201
	202	SKIP: {
55d9ccca	203	skip "SM2 not disabled", 1 if !disabled("sm2");
66066e1b	204
55d9ccca RL	205	ok(test_errors(key => 'sm2.key', out => 'sm2.err'),
55d9ccca RL	206	"expected error loading unsupported sm2 private key");
66066e1b	207	}