2
0

15-test_rsaoaep.t 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
  1. #! /usr/bin/env perl
  2. # Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
  11. use OpenSSL::Test::Utils;
  12. use File::Compare qw/compare_text/;
  13. BEGIN {
  14. setup("test_rsaoaep");
  15. }
  16. use lib srctop_dir('Configurations');
  17. use lib bldtop_dir('.');
  18. my $no_check = disabled('fips-securitychecks');
  19. plan tests =>
  20. ($no_check ? 0 : 1) # FIPS security check
  21. + 9;
  22. my @prov = ( );
  23. my $provconf = srctop_file("test", "fips-and-base.cnf");
  24. my $provpath = bldtop_dir("providers");
  25. my $msg_file = data_file("plain_text");
  26. my $enc1_file = "enc1.bin";
  27. my $enc2_file = "enc2.bin";
  28. my $enc3_file = "enc3.bin";
  29. my $dec1_file = "dec1.txt";
  30. my $dec2_file = "dec2.txt";
  31. my $dec3_file = "dec3.txt";
  32. my $key_file = srctop_file("test", "testrsa2048.pem");
  33. my $small_key_file = srctop_file("test", "testrsa.pem");
  34. $ENV{OPENSSL_TEST_LIBCTX} = "1";
  35. unless ($no_check) {
  36. @prov = ( "-provider-path", $provpath, "-config", $provconf );
  37. ok(!run(app(['openssl', 'pkeyutl',
  38. @prov,
  39. '-encrypt',
  40. '-in', $msg_file,
  41. '-inkey', $small_key_file,
  42. '-pkeyopt', 'pad-mode:oaep',
  43. '-pkeyopt', 'oaep-label:123',
  44. '-pkeyopt', 'digest:sha1',
  45. '-pkeyopt', 'mgf1-digest:sha1',
  46. '-out', $enc1_file])),
  47. "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
  48. }
  49. ok(run(app(['openssl', 'pkeyutl',
  50. @prov,
  51. '-encrypt',
  52. '-in', $msg_file,
  53. '-inkey', $key_file,
  54. '-pkeyopt', 'pad-mode:oaep',
  55. '-pkeyopt', 'oaep-label:123',
  56. '-pkeyopt', 'digest:sha1',
  57. '-pkeyopt', 'mgf1-digest:sha1',
  58. '-out', $enc1_file])),
  59. "RSA OAEP Encryption");
  60. ok(!run(app(['openssl', 'pkeyutl',
  61. @prov,
  62. '-encrypt',
  63. '-in', $key_file,
  64. '-inkey', $key_file,
  65. '-pkeyopt', 'pad-mode:oaep',
  66. '-pkeyopt', 'oaep-label:123',
  67. '-pkeyopt', 'digest:sha256',
  68. '-pkeyopt', 'mgf1-digest:sha1'])),
  69. "RSA OAEP Encryption should fail if the message is larger than the rsa modulus");
  70. ok(run(app(['openssl', 'pkeyutl',
  71. @prov,
  72. '-decrypt',
  73. '-inkey', $key_file,
  74. '-pkeyopt', 'pad-mode:oaep',
  75. '-pkeyopt', 'oaep-label:123',
  76. '-pkeyopt', 'digest:sha1',
  77. '-pkeyopt', 'mgf1-digest:sha1',
  78. '-in', $enc1_file,
  79. '-out', $dec1_file]))
  80. && compare_text($dec1_file, $msg_file) == 0,
  81. "RSA OAEP Decryption");
  82. ok(!run(app(['openssl', 'pkeyutl',
  83. @prov,
  84. '-decrypt',
  85. '-inkey', $key_file,
  86. '-pkeyopt', 'pad-mode:oaep',
  87. '-pkeyopt', 'oaep-label:123',
  88. '-pkeyopt', 'digest:sha256',
  89. '-pkeyopt', 'mgf1-digest:sha224',
  90. '-in', $enc1_file])),
  91. "Incorrect digest for RSA OAEP Decryption");
  92. ok(!run(app(['openssl', 'pkeyutl',
  93. @prov,
  94. '-decrypt',
  95. '-inkey', $key_file,
  96. '-pkeyopt', 'pad-mode:oaep',
  97. '-pkeyopt', 'oaep-label:123',
  98. '-pkeyopt', 'digest:sha1',
  99. '-pkeyopt', 'mgf1-digest:sha224',
  100. '-in', $enc1_file])),
  101. "Incorrect mgf1-digest for RSA OAEP Decryption");
  102. ok(run(app(['openssl', 'pkeyutl',
  103. @prov,
  104. '-encrypt',
  105. '-in', $msg_file,
  106. '-inkey', $key_file,
  107. '-pkeyopt', 'pad-mode:oaep',
  108. '-pkeyopt', 'oaep-label:123',
  109. '-pkeyopt', 'digest:sha1',
  110. '-pkeyopt', 'mgf1-digest:sha1',
  111. '-out', $enc2_file]))
  112. && compare_text($enc2_file, $enc1_file) != 0,
  113. "RSA OAEP Encryption should generate different encrypted data");
  114. ok(run(app(['openssl', 'pkeyutl',
  115. @prov,
  116. '-decrypt',
  117. '-inkey', $key_file,
  118. '-pkeyopt', 'pad-mode:oaep',
  119. '-pkeyopt', 'oaep-label:123',
  120. '-in', $enc2_file,
  121. '-out', $dec2_file]))
  122. && compare_text($dec2_file, $msg_file) == 0,
  123. "RSA OAEP Decryption with default digests");
  124. ok(run(app(['openssl', 'pkeyutl',
  125. @prov,
  126. '-encrypt',
  127. '-in', $msg_file,
  128. '-inkey', $key_file,
  129. '-pkeyopt', 'pad-mode:oaep',
  130. '-pkeyopt', 'oaep-label:123',
  131. '-out', $enc3_file])),
  132. "RSA OAEP Encryption with default digests");
  133. ok(run(app(['openssl', 'pkeyutl',
  134. @prov,
  135. '-decrypt',
  136. '-inkey', $key_file,
  137. '-pkeyopt', 'pad-mode:oaep',
  138. '-pkeyopt', 'oaep-label:123',
  139. '-pkeyopt', 'digest:sha1',
  140. '-pkeyopt', 'mgf1-digest:sha1',
  141. '-in', $enc3_file,
  142. '-out', $dec3_file]))
  143. && compare_text($dec3_file, $msg_file) == 0,
  144. "RSA OAEP Decryption with explicit default digests");