Home | History | Annotate | Line # | Download | only in recipes 
      1 #! /usr/bin/env perl
      2 # Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
      3 #
      4 # Licensed under the Apache License 2.0 (the "License").  You may not use
      5 # this file except in compliance with the License.  You can obtain a copy
      6 # in the file LICENSE in the source distribution or at
      7 # https://www.openssl.org/source/license.html
      8 
      9 
     10 use strict;
     11 use warnings;
     12 
     13 use File::Spec;
     14 use OpenSSL::Test qw/:DEFAULT srctop_file/;
     15 use OpenSSL::Test::Utils;
     16 
     17 setup("test_ec");
     18 
     19 plan skip_all => 'EC is not supported in this build' if disabled('ec');
     20 
     21 plan tests => 16;
     22 
     23 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
     24 
     25 require_ok(srctop_file('test','recipes','tconversion.pl'));
     26 
     27 ok(run(test(["ectest"])), "running ectest");
     28 
     29 # TODO: remove these when the 'ec' app is removed.
     30 # Also consider moving this to the 20-25 test section because it is testing
     31 # the command line tool in addition to the algorithm.
     32 subtest 'EC conversions -- private key' => sub {
     33     tconversion( -type => 'ec', -prefix => 'ec-priv',
     34                  -in => srctop_file("test","testec-p256.pem") );
     35 };
     36 
     37 SKIP: {
     38     skip "SM2 is not supported by this OpenSSL build", 1
     39         if disabled("sm2");
     40     subtest 'EC conversions -- private key' => sub {
     41         tconversion( -type => 'ec', -prefix => 'sm2-priv',
     42                      -in => srctop_file("test","testec-sm2.pem") );
     43     };
     44 }
     45 
     46 subtest 'EC conversions -- private key PKCS#8' => sub {
     47     tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
     48                  -in => srctop_file("test","testec-p256.pem"),
     49                  -args => "pkey" );
     50 };
     51 subtest 'EC conversions -- public key' => sub {
     52     tconversion( -type => 'ec', -prefix => 'ec-pub',
     53                  -in => srctop_file("test","testecpub-p256.pem"),
     54                  -args => [ "ec", "-pubin", "-pubout" ] );
     55 };
     56 
     57 subtest 'PKEY conversions -- private key' => sub {
     58     tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv',
     59                  -in => srctop_file("test","testec-p256.pem") );
     60 };
     61 subtest 'PKEY conversions -- private key PKCS#8' => sub {
     62     tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8',
     63                  -in => srctop_file("test","testec-p256.pem"),
     64                  -args => "pkey" );
     65 };
     66 subtest 'PKEY conversions -- public key' => sub {
     67     tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub',
     68                  -in => srctop_file("test","testecpub-p256.pem"),
     69                  -args => [ "pkey", "-pubin", "-pubout" ] );
     70 };
     71 
     72 SKIP: {
     73     skip "ECX is not supported by this OpenSSL build", 6
     74         if disabled("ecx");
     75     subtest 'Ed25519 conversions -- private key' => sub {
     76         tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv",
     77                      -in => srctop_file("test", "tested25519.pem") );
     78     };
     79     subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
     80         tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8",
     81                      -in => srctop_file("test", "tested25519.pem"),
     82                      -args => ["pkey"] );
     83     };
     84     subtest 'Ed25519 conversions -- public key' => sub {
     85         tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub",
     86                      -in => srctop_file("test", "tested25519pub.pem"),
     87                      -args => ["pkey", "-pubin", "-pubout"] );
     88     };
     89     subtest 'Ed448 conversions -- private key' => sub {
     90         tconversion( -type => "pkey", -prefix => "ed448-pkey-priv",
     91                      -in => srctop_file("test", "tested448.pem") );
     92     };
     93     subtest 'Ed448 conversions -- private key PKCS#8' => sub {
     94         tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8",
     95                      -in => srctop_file("test", "tested448.pem"),
     96                      -args => ["pkey"] );
     97     };
     98     subtest 'Ed448 conversions -- public key' => sub {
     99         tconversion( -type => "pkey", -prefix => "ed448-pkey-pub",
    100                      -in => srctop_file("test", "tested448pub.pem"),
    101                      -args => ["pkey", "-pubin", "-pubout"] );
    102     };
    103 }
    104 
    105 subtest 'Check loading of fips and non-fips keys' => sub {
    106     plan skip_all => "FIPS is disabled"
    107         if $no_fips;
    108 
    109     plan tests => 2;
    110 
    111     my $fipsconf = srctop_file("test", "fips-and-base.cnf");
    112     $ENV{OPENSSL_CONF} = $fipsconf;
    113 
    114     ok(!run(app(['openssl', 'pkey',
    115                  '-check', '-in', srctop_file("test", "testec-p112r1.pem")])),
    116         "Checking non-fips curve key fails in FIPS provider");
    117 
    118     ok(run(app(['openssl', 'pkey',
    119                 '-provider', 'default',
    120                 '-propquery', '?fips!=yes',
    121                 '-check', '-in', srctop_file("test", "testec-p112r1.pem")])),
    122         "Checking non-fips curve key succeeds with non-fips property query");
    123 
    124     delete $ENV{OPENSSL_CONF};
    125 }
    126