Commit | Line | Data |
---|---|---|
1 | #! /usr/bin/env perl | |
2 | # Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. | |
3 | # | |
4 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | # this file except in compliance with the License. You can obtain a copy | |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | ||
10 | use strict; | |
11 | use warnings; | |
12 | ||
13 | use File::Spec; | |
14 | use OpenSSL::Test qw/:DEFAULT srctop_file/; | |
15 | use OpenSSL::Test::Utils; | |
16 | ||
17 | # 'supported' and 'unsupported' reflect the current state of things. In | |
18 | # Test::More terms, 'supported' works exactly like ok(run(whatever)), while | |
19 | # 'unsupported' wraps that in a TODO: { } block. | |
20 | # | |
21 | # The first argument is the test name (this becomes the last argument to | |
22 | # 'ok') | |
23 | # The remaining arguments are passed unchecked to 'run'. | |
24 | ||
# Check that a command succeeds.
#
# Arguments:
#   1:    the test name, used as the description given to 'ok'
#   rest: handed to 'run' as they are, typically the result of app() or
#         similar
sub supported_pass {
    my ($description, @run_args) = @_;

    ok(run(@run_args), $description);
}
31 | ||
# Check that a command fails: the test passes only when 'run' reports
# failure for it.
#
# Arguments:
#   1:    the test name, used as the description given to 'ok'
#   rest: handed to 'run' as they are, typically the result of app() or
#         similar
sub supported_fail {
    my ($description, @run_args) = @_;

    ok(!run(@run_args), $description);
}
37 | ||
# Set up the OpenSSL::Test environment for this recipe.
setup("test_genec");

# Every test below generates EC parameters or keys, so the whole recipe is
# skipped when EC is disabled in the build.
if (disabled("ec")) {
    plan skip_all => "This test is unsupported in a no-ec build";
}
42 | ||
# Named curves over prime fields. Each name is handed to genpkey as
# ec_paramgen_curve and is expected to be accepted. This is a coverage
# list: it includes legacy curves as small as 112 bits, so it should not be
# read as a list of recommended curves.
my @prime_curves = (
    # SECG names
    qw(secp112r1 secp112r2 secp128r1 secp128r2),
    qw(secp160k1 secp160r1 secp160r2),
    qw(secp192k1 secp224k1 secp224r1 secp256k1 secp384r1 secp521r1),

    # X9.62 names
    qw(prime192v1 prime192v2 prime192v3),
    qw(prime239v1 prime239v2 prime239v3),
    qw(prime256v1),

    # WTLS names
    qw(wap-wsg-idm-ecid-wtls6 wap-wsg-idm-ecid-wtls7 wap-wsg-idm-ecid-wtls8),
    qw(wap-wsg-idm-ecid-wtls9 wap-wsg-idm-ecid-wtls12),

    # Brainpool names
    qw(brainpoolP160r1 brainpoolP160t1 brainpoolP192r1 brainpoolP192t1),
    qw(brainpoolP224r1 brainpoolP224t1 brainpoolP256r1 brainpoolP256t1),
    qw(brainpoolP320r1 brainpoolP320t1 brainpoolP384r1 brainpoolP384t1),
    qw(brainpoolP512r1 brainpoolP512t1),
);
84 | ||
# Named curves over binary fields. They are only added to the list of
# curves under test when ec2m is enabled in the build. As with the prime
# curves this is a coverage list that includes small legacy curves, not a
# list of recommended curves.
my @binary_curves = (
    # SECG names
    qw(sect113r1 sect113r2 sect131r1 sect131r2),
    qw(sect163k1 sect163r1 sect163r2 sect193r1 sect193r2),
    qw(sect233k1 sect233r1 sect239k1 sect283k1 sect283r1),
    qw(sect409k1 sect409r1 sect571k1 sect571r1),

    # X9.62 names
    qw(c2pnb163v1 c2pnb163v2 c2pnb163v3 c2pnb176v1),
    qw(c2tnb191v1 c2tnb191v2 c2tnb191v3 c2pnb208w1),
    qw(c2tnb239v1 c2tnb239v2 c2tnb239v3 c2pnb272w1),
    qw(c2pnb304w1 c2tnb359v1 c2pnb368w1 c2tnb431r1),

    # WTLS names
    qw(wap-wsg-idm-ecid-wtls1 wap-wsg-idm-ecid-wtls3 wap-wsg-idm-ecid-wtls4),
    qw(wap-wsg-idm-ecid-wtls5 wap-wsg-idm-ecid-wtls10 wap-wsg-idm-ecid-wtls11),
);
127 | ||
# Curves that are expected to work with explicit parameter encoding only
# (see the subtest at the end of this file). The list stays empty when ec2m
# is disabled.
my @explicit_only_curves = ();
if (!disabled("ec2m")) {
    push @explicit_only_curves, qw(Oakley-EC2N-3 Oakley-EC2N-4);
}

# Curves that belong to neither list above; SM2 is tested only when it is
# enabled in the build.
my @other_curves = ();
if (!disabled("sm2")) {
    push @other_curves, 'SM2';
}
137 | ||
# Alias names that genpkey must also accept as ec_paramgen_curve values.
# The P- aliases are always tested; the B- and K- aliases are added only
# when ec2m is enabled.
my @curve_aliases = qw(P-192 P-224 P-256 P-384 P-521);
if (!disabled("ec2m")) {
    push @curve_aliases, qw(B-163 B-233 B-283 B-409 B-571);
    push @curve_aliases, qw(K-163 K-233 K-283 K-409 K-571);
}
157 | ||
# Every curve name the main loop below runs through, in test order: prime
# curves, binary curves (only with ec2m enabled), other curves, aliases.
my @curve_list = (
    @prime_curves,
    (disabled("ec2m") ? () : @binary_curves),
    @other_curves,
    @curve_aliases,
);
164 | ||
# Maps each ec_param_enc value to the check used for it. For the curves in
# @curve_list both encodings are expected to succeed.
my %params_encodings = (
    'named_curve' => \&supported_pass,
    'explicit'    => \&supported_pass,
);

# File output formats tried with -outform, in addition to -text output.
my @output_formats = qw(PEM DER);
172 | ||
# Declare the number of tests this recipe runs.
{
    # Text output plus one run for each of the listed @output_formats.
    my $outputs_per_case = 1 + scalar(@output_formats);

    # Parameters and keys are generated for every case.
    my $generations_per_case = 2;

    my $matrix_tests = scalar(@curve_list)
        * scalar(keys %params_encodings)
        * $outputs_per_case
        * $generations_per_case;

    plan tests => $matrix_tests
        + 1   # Checking that with no curve it fails
        + 1   # Checking that with unknown curve it fails
        + 1   # Subtest for explicit only curves
        + 1;  # base serializer test
}
181 | ||
# Negative case: no ec_paramgen_curve is given, so genpkey must fail.
ok(!run(app([ qw(openssl genpkey -algorithm EC) ])),
   "genpkey EC with no params should fail");

# Negative case: a curve name that does not exist must be rejected.
ok(!run(app([ qw(openssl genpkey -algorithm EC),
              '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve' ])),
   "genpkey EC with unknown curve name should fail");

# Positive case: generate a prime256v1 key with the 'base' provider named
# on the command line and test/default.cnf as the configuration, and print
# it with -text.
# NOTE(review): which other providers get loaded depends on default.cnf,
# which is not shown here.
ok(run(app([ qw(openssl genpkey),
             '-provider-path', 'providers',
             '-provider', 'base',
             '-config', srctop_file("test", "default.cnf"),
             '-algorithm', 'EC',
             '-pkeyopt', 'ec_paramgen_curve:prime256v1',
             '-text' ])),
   "generate a private key and serialize it using the base provider");
199 | ||
# Run genpkey for every curve and parameter encoding pair. Each pair is
# tried for parameter generation (-genparam) and for key generation, once
# with -text and once per entry of @output_formats written to a file.
#
# NOTE(review): only the exit status of each command is checked; the
# contents of the generated files are not inspected. The parameter file and
# the private key file use the same name, so the key run overwrites the
# parameters written just before it.
for my $curvename (@curve_list) {
    for my $paramenc (sort keys %params_encodings) {
        my $check = $params_encodings{$paramenc};

        # Options shared by every genpkey call for this pair.
        my @curve_opts = (
            '-algorithm', 'EC',
            '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
            '-pkeyopt', 'ec_param_enc:'.$paramenc,
        );
        my $file_stem = "ecgen.${curvename}.${paramenc}";

        # --- Test generating parameters ---

        $check->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)",
                 app([ 'openssl', 'genpkey', '-genparam',
                       @curve_opts,
                       '-text' ]));

        for my $outform (@output_formats) {
            my $outfile = $file_stem . "." . lc $outform;
            $check->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
                     app([ 'openssl', 'genpkey', '-genparam',
                           @curve_opts,
                           '-outform', $outform,
                           '-out', $outfile ]));
        }

        # --- Test generating actual keys ---

        $check->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)",
                 app([ 'openssl', 'genpkey',
                       @curve_opts,
                       '-text' ]));

        for my $outform (@output_formats) {
            my $outfile    = $file_stem . "." . lc $outform;
            my $outpubfile = $file_stem . "-pub." . lc $outform;
            $check->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
                     app([ 'openssl', 'genpkey',
                           @curve_opts,
                           '-outform', $outform,
                           '-out', $outfile,
                           '-outpubkey', $outpubfile ]));
        }
    }
}
247 | ||
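# Subtest for the curves in @explicit_only_curves. For these, every genpkey
# call with ec_param_enc:named_curve must fail and every call with
# ec_param_enc:explicit must succeed, for parameters and for keys alike.
#
# NOTE(review): as in the main loop, only the exit status is checked; the
# generated files are not inspected.
subtest "test curves that only support explicit parameters encoding" => sub {
    # Declared before the plan on purpose: this table shadows the
    # file-level %params_encodings, and the test count below has to be
    # computed from the table that is actually iterated.
    my %params_encodings =
        (
         'named_curve'      => \&supported_fail,
         'explicit'         => \&supported_pass
        );

    plan skip_all => "This test is unsupported under current configuration"
        if scalar(@explicit_only_curves) <= 0;

    plan tests => scalar(@explicit_only_curves) * scalar(keys %params_encodings)
        * (1 + scalar(@output_formats)) # Try listed @output_formats and text output
        * 2                             # Test generating parameters and keys
        ;

    foreach my $curvename (@explicit_only_curves) {
        foreach my $paramenc (sort keys %params_encodings) {
            my $fn = $params_encodings{$paramenc};

            # Options shared by every genpkey call for this pair.
            my @curve_opts = (
                '-algorithm', 'EC',
                '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                '-pkeyopt', 'ec_param_enc:'.$paramenc,
            );

            # --- Test generating parameters ---

            $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)",
                  app([ 'openssl', 'genpkey', '-genparam',
                        @curve_opts,
                        '-text' ]));

            foreach my $outform (@output_formats) {
                my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
                $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
                      app([ 'openssl', 'genpkey', '-genparam',
                            @curve_opts,
                            '-outform', $outform,
                            '-out', $outfile ]));
            }

            # --- Test generating actual keys ---

            $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)",
                  app([ 'openssl', 'genpkey',
                        @curve_opts,
                        '-text' ]));

            foreach my $outform (@output_formats) {
                my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
                $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
                      app([ 'openssl', 'genpkey',
                            @curve_opts,
                            '-outform', $outform,
                            '-out', $outfile ]));
            }
        }
    }
};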