diff options
author | Nicola Tuveri <nic.tuv@gmail.com> | 2020-06-28 20:03:53 +0300 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2020-07-06 19:15:36 +0300 |
commit | 1c9761d0b547d2d135037d215cd16feb4d0b698c (patch) | |
tree | 708d15edfe148aa9c26bfbce4be43cb7422e0757 /test/recipes | |
parent | 466d30c0d7fa861a5fcbaebd2e2010a8c2aea322 (diff) | |
download | openssl-1c9761d0b547d2d135037d215cd16feb4d0b698c.tar.gz |
[test][15-test_genec] Improve EC tests with genpkey
Test separately EC parameters and EC key generation.
Some curves only support explicit params encoding.
For some curves we have had cases in which generating the parameters
under certain conditions failed, while generating and serializing a key
under the same conditions did not.
See <https://github.com/openssl/openssl/issues/12306> for more details.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12307)
Diffstat (limited to 'test/recipes')
-rw-r--r-- | test/recipes/15-test_genec.t | 133 |
1 files changed, 119 insertions, 14 deletions
diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t index d4547e5849..b46147ca10 100644 --- a/test/recipes/15-test_genec.t +++ b/test/recipes/15-test_genec.t @@ -23,13 +23,13 @@ use OpenSSL::Test::Utils; # The remaining argument are passed unchecked to 'run'. # 1: the result of app() or similar, i.e. something you can pass to -sub supported { +sub supported_pass { my $str = shift; ok(run(@_), $str); } -sub unsupported { +sub unsupported_pass { my $str = shift; TODO: { local $TODO = "Currently not supported"; @@ -38,6 +38,20 @@ sub unsupported { } } +sub supported_fail { + my $str = shift; + + ok(!run(@_), $str); +} + +sub unsupported_fail { + my $str = shift; + TODO: { + local $TODO = "Currently not supported"; + + ok(!run(@_), $str); + } +} setup("test_genec"); @@ -127,10 +141,14 @@ my @binary_curves = qw( wap-wsg-idm-ecid-wtls5 wap-wsg-idm-ecid-wtls10 wap-wsg-idm-ecid-wtls11 - Oakley-EC2N-3 - Oakley-EC2N-4 ); +my @explicit_only_curves = (); +push(@explicit_only_curves, qw( + Oakley-EC2N-3 + Oakley-EC2N-4 + )) if !disabled("ec2m"); + my @other_curves = (); push(@other_curves, 'SM2') if !disabled("sm2"); @@ -164,23 +182,37 @@ push(@curve_list, @curve_aliases); my %params_encodings = ( - 'named_curve' => \&supported, - 'explicit' => \&unsupported + 'named_curve' => \&supported_pass, + 'explicit' => \&unsupported_pass ); my @output_formats = ('PEM', 'DER'); plan tests => scalar(@curve_list) * scalar(keys %params_encodings) * (1 + scalar(@output_formats)) # Try listed @output_formats and text output + * 2 # Test generating parameters and keys + 1 # Checking that with no curve it fails + 1 # Checking that with unknown curve it fails + + 1 # Subtest for explicit only curves ; +ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC'])), + "genpkey EC with no params should fail"); + +ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])), + "genpkey EC with unknown curve name should fail"); + foreach my $curvename (@curve_list) { foreach my $paramenc (sort keys %params_encodings) { my $fn = $params_encodings{$paramenc}; + + # --- Test generating parameters --- + $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)", - app([ 'openssl', 'genpkey', + app([ 'openssl', 'genpkey', '-genparam', '-algorithm', 'EC', '-pkeyopt', 'ec_paramgen_curve:'.$curvename, '-pkeyopt', 'ec_param_enc:'.$paramenc, @@ -196,14 +228,87 @@ foreach my $curvename (@curve_list) { '-outform', $outform, '-out', $outfile])); } + + # --- Test generating actual keys --- + + $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)", + app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})", + app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])); + } } } -ok(!run(app([ 'openssl', 'genpkey', - '-algorithm', 'EC'])), - "genpkey EC with no params should fail"); +subtest "test curves that only support explicit parameters encoding" => sub { + plan skip_all => "This test is unsupported under current configuration" + if scalar(@explicit_only_curves) <= 0; -ok(!run(app([ 'openssl', 'genpkey', - '-algorithm', 'EC', - '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])), - "genpkey EC with unknown curve name should fail"); + plan tests => scalar(@explicit_only_curves) * scalar(keys %params_encodings) + * (1 + scalar(@output_formats)) # Try listed @output_formats and text output + * 2 # Test generating parameters and keys + ; + + my %params_encodings = + ( + 'named_curve' => \&supported_fail, + 'explicit' => \&unsupported_pass + ); + + foreach my $curvename (@explicit_only_curves) { + foreach my $paramenc (sort keys %params_encodings) { + my $fn = $params_encodings{$paramenc}; + + # --- Test generating parameters --- + + $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)", + app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + $fn->("genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})", + app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])); + } + + # --- Test generating actual keys --- + + $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)", + app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + $fn->("genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})", + app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])); + } + } + } +}; |