15-test_genec.t 9.1 KB


  1. #! /usr/bin/env perl
  2. # Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use File::Spec;
  11. use OpenSSL::Test qw/:DEFAULT srctop_file/;
  12. use OpenSSL::Test::Utils;
  13. # 'supported' and 'unsupported' reflect the current state of things. In
  14. # Test::More terms, 'supported' works exactly like ok(run(whatever)), while
  15. # 'unsupported' wraps that in a TODO: { } block.
  16. #
  17. # The first argument is the test name (this becomes the last argument to
  18. # 'ok')
  19. # The remaining arguments are passed unchecked to 'run'.
  20. # 1: the result of app() or similar, i.e. something you can pass to 'run'.
  # Positive check: the test passes when run() returns a true value.
  #
  # The first argument is the test name handed to ok(); everything after it
  # is forwarded to run() without any checking.
  sub supported_pass {
      my ($test_name, @run_args) = @_;
      return ok(run(@run_args), $test_name);
  }
  # Negative check: the test passes only when run() returns a false value,
  # i.e. the command is expected to be rejected.
  #
  # The first argument is the test name handed to ok(); everything after it
  # is forwarded to run() without any checking.
  sub supported_fail {
      my ($test_name, @run_args) = @_;
      return ok(!run(@run_args), $test_name);
  }
  setup("test_genec");

  # Nothing below makes sense without EC support, so skip the whole recipe.
  if (disabled("ec")) {
      plan skip_all => "This test is unsupported in a no-ec build";
  }
  # Curve names this recipe groups as "prime" curves; they are always added
  # to @curve_list.  Order matters: it fixes the order and names of the
  # generated tests.
  #
  # Being listed here only means genpkey is expected to generate the curve.
  # It says nothing about suitability for new deployments: the list includes
  # 112- and 128-bit fields.
  my @prime_curves = qw(
      secp112r1 secp112r2
      secp128r1 secp128r2
      secp160k1 secp160r1 secp160r2
      secp192k1
      secp224k1 secp224r1
      secp256k1
      secp384r1
      secp521r1
      prime192v1 prime192v2 prime192v3
      prime239v1 prime239v2 prime239v3
      prime256v1
      wap-wsg-idm-ecid-wtls6 wap-wsg-idm-ecid-wtls7 wap-wsg-idm-ecid-wtls8
      wap-wsg-idm-ecid-wtls9 wap-wsg-idm-ecid-wtls12
      brainpoolP160r1 brainpoolP160t1
      brainpoolP192r1 brainpoolP192t1
      brainpoolP224r1 brainpoolP224t1
      brainpoolP256r1 brainpoolP256t1
      brainpoolP320r1 brainpoolP320t1
      brainpoolP384r1 brainpoolP384t1
      brainpoolP512r1 brainpoolP512t1
  );
  # Curve names this recipe groups as "binary" curves.  They are only added
  # to @curve_list when "ec2m" is not disabled.  Order matters: it fixes the
  # order and names of the generated tests.
  #
  # As with the prime list, presence here is test coverage, not a statement
  # about strength: the list starts at 113-bit fields.
  my @binary_curves = qw(
      sect113r1 sect113r2
      sect131r1 sect131r2
      sect163k1 sect163r1 sect163r2
      sect193r1 sect193r2
      sect233k1 sect233r1
      sect239k1
      sect283k1 sect283r1
      sect409k1 sect409r1
      sect571k1 sect571r1
      c2pnb163v1 c2pnb163v2 c2pnb163v3
      c2pnb176v1
      c2tnb191v1 c2tnb191v2 c2tnb191v3
      c2pnb208w1
      c2tnb239v1 c2tnb239v2 c2tnb239v3
      c2pnb272w1
      c2pnb304w1
      c2tnb359v1
      c2pnb368w1
      c2tnb431r1
      wap-wsg-idm-ecid-wtls1 wap-wsg-idm-ecid-wtls3 wap-wsg-idm-ecid-wtls4
      wap-wsg-idm-ecid-wtls5 wap-wsg-idm-ecid-wtls10 wap-wsg-idm-ecid-wtls11
  );
  # Curves exercised only by the "explicit parameters" subtest, where the
  # named_curve encoding is expected to fail.  Empty when ec2m is disabled.
  my @explicit_only_curves =
      disabled("ec2m") ? () : qw(Oakley-EC2N-3 Oakley-EC2N-4);

  # Curves outside the prime/binary lists; SM2 is included unless it is
  # disabled in this build.
  my @other_curves = disabled("sm2") ? () : ('SM2');
  # Alias names accepted in place of a curve name.  The P-* aliases are
  # always tested; the B-* and K-* aliases only when ec2m is not disabled.
  my @curve_aliases = qw(P-192 P-224 P-256 P-384 P-521);
  unless (disabled("ec2m")) {
      push @curve_aliases, qw(
          B-163 B-233 B-283 B-409 B-571
          K-163 K-233 K-283 K-409 K-571
      );
  }
  # Every curve name the main loop iterates over, in test order: prime
  # curves, binary curves (skipped when ec2m is disabled), the other curves,
  # and finally the aliases.
  my @curve_list = (
      @prime_curves,
      (disabled("ec2m") ? () : @binary_curves),
      @other_curves,
      @curve_aliases,
  );
  # Parameter encoding => checker used for it.  In the main loop both
  # encodings are expected to succeed for every curve in @curve_list.
  my %params_encodings = (
      named_curve => \&supported_pass,
      explicit    => \&supported_pass,
  );

  # Output formats tried in addition to '-text'.
  my @output_formats = qw(PEM DER);

  plan tests =>
      scalar(@curve_list) * scalar(keys %params_encodings)
          * (1 + scalar(@output_formats))  # text output plus each of @output_formats
          * 2                              # parameters first, then keys
      + 4;  # no curve, unknown curve, explicit-only subtest, base provider run
  # Negative checks: genpkey must exit unsuccessfully when no curve is given
  # and when the curve name is not recognised.
  ok(!run(app([ qw(openssl genpkey -algorithm EC) ])),
     "genpkey EC with no params should fail");

  ok(!run(app([ qw(openssl genpkey -algorithm EC),
                qw(-pkeyopt ec_paramgen_curve:bogus_foobar_curve) ])),
     "genpkey EC with unknown curve name should fail");

  # Positive check with the 'base' provider loaded from the 'providers'
  # directory and the default.cnf from the source tree's test directory.
  ok(run(app([ qw(openssl genpkey),
               qw(-provider-path providers -provider base),
               '-config', srctop_file("test", "default.cnf"),
               qw(-algorithm EC),
               qw(-pkeyopt ec_paramgen_curve:prime256v1),
               '-text' ])),
     "generate a private key and serialize it using the base provider");
  # For every curve and parameter encoding, generate parameters and then a
  # key: once as text and once per entry of @output_formats.
  #
  # The '-out' runs write to ecgen.<curve>.<encoding>.<format> in the current
  # directory.  The key run reuses the file name of the parameter run, so the
  # file ends up holding a generated private key, and nothing in this loop
  # removes it afterwards.
  foreach my $curve (@curve_list) {
      foreach my $encoding (sort keys %params_encodings) {
          my $check = $params_encodings{$encoding};
          my @curve_opts = (
              '-algorithm', 'EC',
              '-pkeyopt',   'ec_paramgen_curve:' . $curve,
              '-pkeyopt',   'ec_param_enc:' . $encoding,
          );

          # First element: wording used in the test name.  Remaining
          # elements: extra genpkey options for that mode.
          foreach my $mode ([ 'params', '-genparam' ], [ 'key on' ]) {
              my ($what, @mode_opts) = @{$mode};
              my $label =
                  "genpkey EC ${what} ${curve} with ec_param_enc:'${encoding}'";

              $check->("${label} (text)",
                       app([ 'openssl', 'genpkey', @mode_opts,
                             @curve_opts,
                             '-text' ]));

              foreach my $format (@output_formats) {
                  my $path = "ecgen.${curve}.${encoding}." . lc $format;
                  $check->("${label} (${format})",
                           app([ 'openssl', 'genpkey', @mode_opts,
                                 @curve_opts,
                                 '-outform', $format,
                                 '-out', $path ]));
              }
          }
      }
  }
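  # Subtest for curves that can only be generated with explicit parameters:
  # the 'named_curve' encoding must fail and the 'explicit' encoding must
  # succeed, for parameters and for keys, as text and in each of
  # @output_formats.
  subtest "test curves that only support explicit parameters encoding" => sub {
      plan skip_all => "This test is unsupported under current configuration"
          if scalar(@explicit_only_curves) <= 0;

      # Declared before the plan on purpose.  A 'my' variable is not visible
      # until the statement after its declaration, so a plan placed above it
      # would silently count the keys of the file-level %params_encodings.
      my %params_encodings = (
          'named_curve' => \&supported_fail,
          'explicit'    => \&supported_pass,
      );

      plan tests => scalar(@explicit_only_curves) * scalar(keys %params_encodings)
          * (1 + scalar(@output_formats)) # Try listed @output_formats and text output
          * 2                             # Test generating parameters and keys
          ;

      foreach my $curvename (@explicit_only_curves) {
          foreach my $paramenc (sort keys %params_encodings) {
              my $fn = $params_encodings{$paramenc};

              # --- Test generating parameters ---
              $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)",
                    app([ 'openssl', 'genpkey', '-genparam',
                          '-algorithm', 'EC',
                          '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                          '-pkeyopt', 'ec_param_enc:'.$paramenc,
                          '-text']));

              foreach my $outform (@output_formats) {
                  my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
                  $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
                        app([ 'openssl', 'genpkey', '-genparam',
                              '-algorithm', 'EC',
                              '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                              '-pkeyopt', 'ec_param_enc:'.$paramenc,
                              '-outform', $outform,
                              '-out', $outfile]));
              }

              # --- Test generating actual keys ---
              # The '-out' runs below reuse the file names written above.
              $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)",
                    app([ 'openssl', 'genpkey',
                          '-algorithm', 'EC',
                          '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                          '-pkeyopt', 'ec_param_enc:'.$paramenc,
                          '-text']));

              foreach my $outform (@output_formats) {
                  my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
                  $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})",
                        app([ 'openssl', 'genpkey',
                              '-algorithm', 'EC',
                              '-pkeyopt', 'ec_paramgen_curve:'.$curvename,
                              '-pkeyopt', 'ec_param_enc:'.$paramenc,
                              '-outform', $outform,
                              '-out', $outfile]));
              }
          }
      }
  };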