]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/15-test_ecparam.t
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Support decode SM2 parameters
[thirdparty/openssl.git] / test / recipes / 15-test_ecparam.t
1 #! /usr/bin/env perl
2 # Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 use strict;
11 use warnings;
12
13 use File::Spec;
14 use File::Compare qw/compare_text/;
15 use OpenSSL::Glob;
16 use OpenSSL::Test qw/:DEFAULT data_file srctop_file bldtop_dir/;
17 use OpenSSL::Test::Utils;
18
19 setup("test_ecparam");
20
21 plan skip_all => "EC or EC2M isn't supported in this build"
22 if disabled("ec") || disabled("ec2m");
23
24 my @valid = glob(data_file("valid", "*.pem"));
25 my @noncanon = glob(data_file("noncanon", "*.pem"));
26 my @invalid = glob(data_file("invalid", "*.pem"));
27
28 if (disabled("sm2")) {
29 @valid = grep { !/sm2-.*\.pem/} @valid;
30 }
31
32 plan tests => 12;
33
34 sub checkload {
35 my $files = shift; # List of files
36 my $valid = shift; # Check should pass or fail?
37 my $app = shift; # Which application
38 my $opt = shift; # Additional option
39
40 foreach (@$files) {
41 if ($valid) {
42 ok(run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
43 } else {
44 ok(!run(app(['openssl', $app, '-noout', $opt, '-in', $_])));
45 }
46 }
47 }
48
49 sub checkcompare {
50 my $files = shift; # List of files
51 my $app = shift; # Which application
52
53 foreach (@$files) {
54 my $testout = "$app.tst";
55
56 ok(run(app(['openssl', $app, '-out', $testout, '-in', $_])));
57 ok(!compare_text($_, $testout, sub {
58 my $in1 = $_[0];
59 my $in2 = $_[1];
60 $in1 =~ s/\r\n/\n/g;
61 $in2 =~ s/\r\n/\n/g;
62 $in1 ne $in2}), "Original file $_ is the same as new one");
63 }
64 }
65
66 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
67
68 subtest "Check loading valid parameters by ecparam with -check" => sub {
69 plan tests => scalar(@valid);
70 checkload(\@valid, 1, "ecparam", "-check");
71 };
72
73 subtest "Check loading valid parameters by ecparam with -check_named" => sub {
74 plan tests => scalar(@valid);
75 checkload(\@valid, 1, "ecparam", "-check_named");
76 };
77
78 subtest "Check loading valid parameters by pkeyparam with -check" => sub {
79 plan tests => scalar(@valid);
80 checkload(\@valid, 1, "pkeyparam", "-check");
81 };
82
83 subtest "Check loading non-canonically encoded parameters by ecparam with -check" => sub {
84 plan tests => scalar(@noncanon);
85 checkload(\@noncanon, 1, "ecparam", "-check");
86 };
87
88 subtest "Check loading non-canonically encoded parameters by ecparam with -check_named" => sub {
89 plan tests => scalar(@noncanon);
90 checkload(\@noncanon, 1, "ecparam", "-check_named");
91 };
92
93 subtest "Check loading non-canonically encoded parameters by pkeyparam with -check" => sub {
94 plan tests => scalar(@noncanon);
95 checkload(\@noncanon, 1, "pkeyparam", "-check");
96 };
97
98 subtest "Check loading invalid parameters by ecparam with -check" => sub {
99 plan tests => scalar(@invalid);
100 checkload(\@invalid, 0, "ecparam", "-check");
101 };
102
103 subtest "Check loading invalid parameters by ecparam with -check_named" => sub {
104 plan tests => scalar(@invalid);
105 checkload(\@invalid, 0, "ecparam", "-check_named");
106 };
107
108 subtest "Check loading invalid parameters by pkeyparam with -check" => sub {
109 plan tests => scalar(@invalid);
110 checkload(\@invalid, 0, "pkeyparam", "-check");
111 };
112
113 subtest "Check ecparam does not change the parameter file on output" => sub {
114 plan tests => 2 * scalar(@valid);
115 checkcompare(\@valid, "ecparam");
116 };
117
118 subtest "Check pkeyparam does not change the parameter file on output" => sub {
119 plan tests => 2 * scalar(@valid);
120 checkcompare(\@valid, "pkeyparam");
121 };
122
123 subtest "Check loading of fips and non-fips params" => sub {
124 plan skip_all => "FIPS is disabled"
125 if $no_fips;
126 plan tests => 8;
127
128 my $fipsconf = srctop_file("test", "fips-and-base.cnf");
129 my $defaultconf = srctop_file("test", "default.cnf");
130
131 $ENV{OPENSSL_CONF} = $fipsconf;
132
133 ok(run(app(['openssl', 'ecparam',
134 '-in', data_file('valid', 'secp384r1-explicit.pem'),
135 '-check'])),
136 "Loading explicitly encoded valid curve");
137
138 ok(run(app(['openssl', 'ecparam',
139 '-in', data_file('valid', 'secp384r1-named.pem'),
140 '-check'])),
141 "Loading named valid curve");
142
143 ok(!run(app(['openssl', 'ecparam',
144 '-in', data_file('valid', 'secp112r1-named.pem'),
145 '-check'])),
146 "Fail loading named non-fips curve");
147
148 ok(!run(app(['openssl', 'pkeyparam',
149 '-in', data_file('valid', 'secp112r1-named.pem'),
150 '-check'])),
151 "Fail loading named non-fips curve using pkeyparam");
152
153 ok(run(app(['openssl', 'ecparam',
154 '-provider', 'default',
155 '-propquery', '?fips!=yes',
156 '-in', data_file('valid', 'secp112r1-named.pem'),
157 '-check'])),
158 "Loading named non-fips curve in FIPS mode with non-FIPS property".
159 " query");
160
161 ok(run(app(['openssl', 'pkeyparam',
162 '-provider', 'default',
163 '-propquery', '?fips!=yes',
164 '-in', data_file('valid', 'secp112r1-named.pem'),
165 '-check'])),
166 "Loading named non-fips curve in FIPS mode with non-FIPS property".
167 " query using pkeyparam");
168
169 ok(!run(app(['openssl', 'ecparam',
170 '-genkey', '-name', 'secp112r1'])),
171 "Fail generating key for named non-fips curve");
172
173 ok(run(app(['openssl', 'ecparam',
174 '-provider', 'default',
175 '-propquery', '?fips!=yes',
176 '-genkey', '-name', 'secp112r1'])),
177 "Generating key for named non-fips curve with non-FIPS property query");
178
179 $ENV{OPENSSL_CONF} = $defaultconf;
180 };
A mirror of the official openssl repository