#! /usr/bin/env perl # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html use strict; use warnings; use File::Spec; use OpenSSL::Test qw/:DEFAULT srctop_file/; use OpenSSL::Test::Utils; setup("test_ec"); plan skip_all => 'EC is not supported in this build' if disabled('ec'); plan tests => 15; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); require_ok(srctop_file('test','recipes','tconversion.pl')); ok(run(test(["ectest"])), "running ectest"); # TODO: remove these when the 'ec' app is removed. # Also consider moving this to the 20-25 test section because it is testing # the command line tool in addition to the algorithm. subtest 'EC conversions -- private key' => sub { tconversion( -type => 'ec', -prefix => 'ec-priv', -in => srctop_file("test","testec-p256.pem") ); }; subtest 'EC conversions -- private key PKCS#8' => sub { tconversion( -type => 'ec', -prefix => 'ec-pkcs8', -in => srctop_file("test","testec-p256.pem"), -args => "pkey" ); }; subtest 'EC conversions -- public key' => sub { tconversion( -type => 'ec', -prefix => 'ec-pub', -in => srctop_file("test","testecpub-p256.pem"), -args => [ "ec", "-pubin", "-pubout" ] ); }; subtest 'PKEY conversions -- private key' => sub { tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv', -in => srctop_file("test","testec-p256.pem") ); }; subtest 'PKEY conversions -- private key PKCS#8' => sub { tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8', -in => srctop_file("test","testec-p256.pem"), -args => "pkey" ); }; subtest 'PKEY conversions -- public key' => sub { tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub', -in => srctop_file("test","testecpub-p256.pem"), -args => [ "pkey", "-pubin", "-pubout" ] ); }; subtest 'Ed25519 conversions -- private key' => sub { tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv", -in => srctop_file("test", "tested25519.pem") ); }; subtest 'Ed25519 conversions -- private key PKCS#8' => sub { tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8", -in => srctop_file("test", "tested25519.pem"), -args => ["pkey"] ); }; subtest 'Ed25519 conversions -- public key' => sub { tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub", -in => srctop_file("test", "tested25519pub.pem"), -args => ["pkey", "-pubin", "-pubout"] ); }; subtest 'Ed448 conversions -- private key' => sub { tconversion( -type => "pkey", -prefix => "ed448-pkey-priv", -in => srctop_file("test", "tested448.pem") ); }; subtest 'Ed448 conversions -- private key PKCS#8' => sub { tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8", -in => srctop_file("test", "tested448.pem"), -args => ["pkey"] ); }; subtest 'Ed448 conversions -- public key' => sub { tconversion( -type => "pkey", -prefix => "ed448-pkey-pub", -in => srctop_file("test", "tested448pub.pem"), -args => ["pkey", "-pubin", "-pubout"] ); }; subtest 'Check loading of fips and non-fips keys' => sub { plan skip_all => "FIPS is disabled" if $no_fips; plan tests => 2; my $fipsconf = srctop_file("test", "fips-and-base.cnf"); $ENV{OPENSSL_CONF} = $fipsconf; ok(!run(app(['openssl', 'pkey', '-check', '-in', srctop_file("test", "testec-p112r1.pem")])), "Checking non-fips curve key fails in FIPS provider"); ok(run(app(['openssl', 'pkey', '-provider', 'default', '-propquery', '?fips!=yes', '-check', '-in', srctop_file("test", "testec-p112r1.pem")])), "Checking non-fips curve key succeeds with non-fips property query"); delete $ENV{OPENSSL_CONF}; }