1ef5fc3feSchristos#! /usr/bin/env perl 2*66bae5e7Schristos# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 3ef5fc3feSchristos# 4*66bae5e7Schristos# Licensed under the Apache License 2.0 (the "License"). You may not use 5ef5fc3feSchristos# this file except in compliance with the License. You can obtain a copy 6ef5fc3feSchristos# in the file LICENSE in the source distribution or at 7ef5fc3feSchristos# https://www.openssl.org/source/license.html 8ef5fc3feSchristos 9ef5fc3feSchristos 10ef5fc3feSchristosuse strict; 11ef5fc3feSchristosuse warnings; 12ef5fc3feSchristos 13ef5fc3feSchristosuse File::Spec; 14ef5fc3feSchristosuse OpenSSL::Test qw/:DEFAULT srctop_file/; 15ef5fc3feSchristosuse OpenSSL::Test::Utils; 16ef5fc3feSchristos 17ef5fc3feSchristossetup("test_ec"); 18ef5fc3feSchristos 19*66bae5e7Schristosplan skip_all => 'EC is not supported in this build' if disabled('ec'); 20*66bae5e7Schristos 21*66bae5e7Schristosplan tests => 15; 22*66bae5e7Schristos 23*66bae5e7Schristosmy $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); 24ef5fc3feSchristos 25ef5fc3feSchristosrequire_ok(srctop_file('test','recipes','tconversion.pl')); 26ef5fc3feSchristos 27ef5fc3feSchristosok(run(test(["ectest"])), "running ectest"); 28ef5fc3feSchristos 29*66bae5e7Schristos# TODO: remove these when the 'ec' app is removed. 30*66bae5e7Schristos# Also consider moving this to the 20-25 test section because it is testing 31*66bae5e7Schristos# the command line tool in addition to the algorithm. 3279323285Schristossubtest 'EC conversions -- private key' => sub { 33*66bae5e7Schristos tconversion( -type => 'ec', -prefix => 'ec-priv', 34*66bae5e7Schristos -in => srctop_file("test","testec-p256.pem") ); 35ef5fc3feSchristos}; 3679323285Schristossubtest 'EC conversions -- private key PKCS#8' => sub { 37*66bae5e7Schristos tconversion( -type => 'ec', -prefix => 'ec-pkcs8', 38*66bae5e7Schristos -in => srctop_file("test","testec-p256.pem"), 39*66bae5e7Schristos -args => "pkey" ); 40ef5fc3feSchristos}; 4179323285Schristossubtest 'EC conversions -- public key' => sub { 42*66bae5e7Schristos tconversion( -type => 'ec', -prefix => 'ec-pub', 43*66bae5e7Schristos -in => srctop_file("test","testecpub-p256.pem"), 44*66bae5e7Schristos -args => [ "ec", "-pubin", "-pubout" ] ); 4579323285Schristos}; 4679323285Schristos 47*66bae5e7Schristossubtest 'PKEY conversions -- private key' => sub { 48*66bae5e7Schristos tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv', 49*66bae5e7Schristos -in => srctop_file("test","testec-p256.pem") ); 50*66bae5e7Schristos}; 51*66bae5e7Schristossubtest 'PKEY conversions -- private key PKCS#8' => sub { 52*66bae5e7Schristos tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8', 53*66bae5e7Schristos -in => srctop_file("test","testec-p256.pem"), 54*66bae5e7Schristos -args => "pkey" ); 55*66bae5e7Schristos}; 56*66bae5e7Schristossubtest 'PKEY conversions -- public key' => sub { 57*66bae5e7Schristos tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub', 58*66bae5e7Schristos -in => srctop_file("test","testecpub-p256.pem"), 59*66bae5e7Schristos -args => [ "pkey", "-pubin", "-pubout" ] ); 60*66bae5e7Schristos}; 6179323285Schristos 6279323285Schristossubtest 'Ed25519 conversions -- private key' => sub { 63*66bae5e7Schristos tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv", 64*66bae5e7Schristos -in => srctop_file("test", "tested25519.pem") ); 6579323285Schristos}; 6679323285Schristossubtest 'Ed25519 conversions -- private key PKCS#8' => sub { 67*66bae5e7Schristos tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8", 68*66bae5e7Schristos -in => srctop_file("test", "tested25519.pem"), 69*66bae5e7Schristos -args => ["pkey"] ); 7079323285Schristos}; 7179323285Schristossubtest 'Ed25519 conversions -- public key' => sub { 72*66bae5e7Schristos tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub", 73*66bae5e7Schristos -in => srctop_file("test", "tested25519pub.pem"), 74*66bae5e7Schristos -args => ["pkey", "-pubin", "-pubout"] ); 7579323285Schristos}; 7679323285Schristossubtest 'Ed448 conversions -- private key' => sub { 77*66bae5e7Schristos tconversion( -type => "pkey", -prefix => "ed448-pkey-priv", 78*66bae5e7Schristos -in => srctop_file("test", "tested448.pem") ); 7979323285Schristos}; 8079323285Schristossubtest 'Ed448 conversions -- private key PKCS#8' => sub { 81*66bae5e7Schristos tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8", 82*66bae5e7Schristos -in => srctop_file("test", "tested448.pem"), 83*66bae5e7Schristos -args => ["pkey"] ); 8479323285Schristos}; 8579323285Schristossubtest 'Ed448 conversions -- public key' => sub { 86*66bae5e7Schristos tconversion( -type => "pkey", -prefix => "ed448-pkey-pub", 87*66bae5e7Schristos -in => srctop_file("test", "tested448pub.pem"), 88*66bae5e7Schristos -args => ["pkey", "-pubin", "-pubout"] ); 89ef5fc3feSchristos}; 90*66bae5e7Schristos 91*66bae5e7Schristossubtest 'Check loading of fips and non-fips keys' => sub { 92*66bae5e7Schristos plan skip_all => "FIPS is disabled" 93*66bae5e7Schristos if $no_fips; 94*66bae5e7Schristos 95*66bae5e7Schristos plan tests => 2; 96*66bae5e7Schristos 97*66bae5e7Schristos my $fipsconf = srctop_file("test", "fips-and-base.cnf"); 98*66bae5e7Schristos $ENV{OPENSSL_CONF} = $fipsconf; 99*66bae5e7Schristos 100*66bae5e7Schristos ok(!run(app(['openssl', 'pkey', 101*66bae5e7Schristos '-check', '-in', srctop_file("test", "testec-p112r1.pem")])), 102*66bae5e7Schristos "Checking non-fips curve key fails in FIPS provider"); 103*66bae5e7Schristos 104*66bae5e7Schristos ok(run(app(['openssl', 'pkey', 105*66bae5e7Schristos '-provider', 'default', 106*66bae5e7Schristos '-propquery', '?fips!=yes', 107*66bae5e7Schristos '-check', '-in', srctop_file("test", "testec-p112r1.pem")])), 108*66bae5e7Schristos "Checking non-fips curve key succeeds with non-fips property query"); 109*66bae5e7Schristos 110*66bae5e7Schristos delete $ENV{OPENSSL_CONF}; 111ef5fc3feSchristos} 112