123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171 |
- #! /usr/bin/env perl
- # Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
- #
- # Licensed under the Apache License 2.0 (the "License"). You may not use
- # this file except in compliance with the License. You can obtain a copy
- # in the file LICENSE in the source distribution or at
- # https://www.openssl.org/source/license.html
- use strict;
- use warnings;
- use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
- use OpenSSL::Test::Utils;
- use File::Compare qw/compare_text/;
- BEGIN {
- setup("test_rsaoaep");
- }
- use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
- use platform;
- my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
- my $no_check = disabled('fips-securitychecks');
- plan tests =>
- ($no_fips ? 0 : 1 + ($no_check ? 0 : 1)) # FIPS install test
- + 9;
- my @prov = ( );
- my $provconf = srctop_file("test", "fips-and-base.cnf");
- my $provpath = bldtop_dir("providers");
- my $msg_file = data_file("plain_text");
- my $enc1_file = "enc1.bin";
- my $enc2_file = "enc2.bin";
- my $enc3_file = "enc3.bin";
- my $dec1_file = "dec1.txt";
- my $dec2_file = "dec2.txt";
- my $dec3_file = "dec3.txt";
- my $key_file = srctop_file("test", "testrsa2048.pem");
- my $small_key_file = srctop_file("test", "testrsa.pem");
- unless ($no_fips) {
- @prov = ( "-provider-path", $provpath, "-config", $provconf );
- my $infile = bldtop_file('providers', platform->dso('fips'));
- ok(run(app(['openssl', 'fipsinstall',
- '-out', bldtop_file('providers', 'fipsmodule.cnf'),
- '-module', $infile])),
- "fipsinstall");
- $ENV{OPENSSL_TEST_LIBCTX} = "1";
- unless ($no_check) {
- ok(!run(app(['openssl', 'pkeyutl',
- @prov,
- '-encrypt',
- '-in', $msg_file,
- '-inkey', $small_key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-pkeyopt', 'digest:sha1',
- '-pkeyopt', 'mgf1-digest:sha1',
- '-out', $enc1_file])),
- "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
- }
- }
- ok(run(app(['openssl', 'pkeyutl',
- @prov,
- '-encrypt',
- '-in', $msg_file,
- '-inkey', $key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-pkeyopt', 'digest:sha1',
- '-pkeyopt', 'mgf1-digest:sha1',
- '-out', $enc1_file])),
- "RSA OAEP Encryption");
- ok(!run(app(['openssl', 'pkeyutl',
- @prov,
- '-encrypt',
- '-in', $key_file,
- '-inkey', $key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-pkeyopt', 'digest:sha256',
- '-pkeyopt', 'mgf1-digest:sha1'])),
- "RSA OAEP Encryption should fail if the message is larger than the rsa modulus");
- ok(run(app(['openssl', 'pkeyutl',
- @prov,
- '-decrypt',
- '-inkey', $key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-pkeyopt', 'digest:sha1',
- '-pkeyopt', 'mgf1-digest:sha1',
- '-in', $enc1_file,
- '-out', $dec1_file]))
- && compare_text($dec1_file, $msg_file) == 0,
- "RSA OAEP Decryption");
- ok(!run(app(['openssl', 'pkeyutl',
- @prov,
- '-decrypt',
- '-inkey', $key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-pkeyopt', 'digest:sha256',
- '-pkeyopt', 'mgf1-digest:sha224',
- '-in', $enc1_file])),
- "Incorrect digest for RSA OAEP Decryption");
- ok(!run(app(['openssl', 'pkeyutl',
- @prov,
- '-decrypt',
- '-inkey', $key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-pkeyopt', 'digest:sha1',
- '-pkeyopt', 'mgf1-digest:sha224',
- '-in', $enc1_file])),
- "Incorrect mgf1-digest for RSA OAEP Decryption");
- ok(run(app(['openssl', 'pkeyutl',
- @prov,
- '-encrypt',
- '-in', $msg_file,
- '-inkey', $key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-pkeyopt', 'digest:sha1',
- '-pkeyopt', 'mgf1-digest:sha1',
- '-out', $enc2_file]))
- && compare_text($enc2_file, $enc1_file) != 0,
- "RSA OAEP Encryption should generate different encrypted data");
- ok(run(app(['openssl', 'pkeyutl',
- @prov,
- '-decrypt',
- '-inkey', $key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-in', $enc2_file,
- '-out', $dec2_file]))
- && compare_text($dec2_file, $msg_file) == 0,
- "RSA OAEP Decryption with default digests");
- ok(run(app(['openssl', 'pkeyutl',
- @prov,
- '-encrypt',
- '-in', $msg_file,
- '-inkey', $key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-out', $enc3_file])),
- "RSA OAEP Encryption with default digests");
- ok(run(app(['openssl', 'pkeyutl',
- @prov,
- '-decrypt',
- '-inkey', $key_file,
- '-pkeyopt', 'pad-mode:oaep',
- '-pkeyopt', 'oaep-label:123',
- '-pkeyopt', 'digest:sha1',
- '-pkeyopt', 'mgf1-digest:sha1',
- '-in', $enc3_file,
- '-out', $dec3_file]))
- && compare_text($dec3_file, $msg_file) == 0,
- "RSA OAEP Decryption with explicit default digests");
|