diff options
author | Nicola Tuveri <nic.tuv@gmail.com> | 2020-06-28 20:23:29 +0300 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2020-07-07 11:58:31 +0300 |
commit | e1c246bd7682fd1b0fcbba5a224f3cacc1ba278d (patch) | |
tree | db9e22b66dd886e71479f9649eaacb15efb055c8 | |
parent | 1940c092a52afd8bc919b8faa5f3d51004503f3a (diff) |
[test][15-test_genec] Improve EC tests with genpkey
Test separately EC parameters and EC key generation.
Some curves only support explicit params encoding.
For some curves we have had cases in which generating the parameters
under certain conditions failed, while generating and serializing a key
under the same conditions did not.
See <https://github.com/openssl/openssl/issues/12306> for more details.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12308)
-rw-r--r-- | test/recipes/15-test_genec.t | 147 |
1 files changed, 137 insertions, 10 deletions
diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t index b778d6f536..1b7ec026fa 100644 --- a/test/recipes/15-test_genec.t +++ b/test/recipes/15-test_genec.t @@ -102,10 +102,14 @@ my @binary_curves = qw( wap-wsg-idm-ecid-wtls5 wap-wsg-idm-ecid-wtls10 wap-wsg-idm-ecid-wtls11 - Oakley-EC2N-3 - Oakley-EC2N-4 ); +my @explicit_only_curves = (); +push(@explicit_only_curves, qw( + Oakley-EC2N-3 + Oakley-EC2N-4 + )) if !disabled("ec2m"); + my @other_curves = (); push(@other_curves, 'SM2') if !disabled("sm2"); @@ -143,13 +147,27 @@ my @output_formats = ('PEM', 'DER'); plan tests => scalar(@curve_list) * scalar(@params_encodings) * (1 + scalar(@output_formats)) # Try listed @output_formats and text output + * 2 # Test generating parameters and keys + 1 # Checking that with no curve it fails + 1 # Checking that with unknown curve it fails + + 1 # Subtest for explicit only curves ; +ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC'])), + "genpkey EC with no params should fail"); + +ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])), + "genpkey EC with unknown curve name should fail"); + foreach my $curvename (@curve_list) { foreach my $paramenc (@params_encodings) { - ok(run(app([ 'openssl', 'genpkey', + + # --- Test generating parameters --- + + ok(run(app([ 'openssl', 'genpkey', '-genparam', '-algorithm', 'EC', '-pkeyopt', 'ec_paramgen_curve:'.$curvename, '-pkeyopt', 'ec_param_enc:'.$paramenc, @@ -166,14 +184,123 @@ foreach my $curvename (@curve_list) { '-out', $outfile])), "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); } + + # --- Test generating actual keys --- + + ok(run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } } } -ok(!run(app([ 'openssl', 'genpkey', - '-algorithm', 'EC'])), - "genpkey EC with no params should fail"); +subtest "test curves that only support explicit parameters encoding" => sub { + @curve_list = @explicit_only_curves; -ok(!run(app([ 'openssl', 'genpkey', - '-algorithm', 'EC', - '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])), - "genpkey EC with unknown curve name should fail"); + plan skip_all => "This test is unsupported under current configuration" + if scalar(@curve_list) <= 0; + + plan tests => scalar(@curve_list) * scalar(@params_encodings) + * (1 + scalar(@output_formats)) # Try listed @output_formats and text output + * 2 # Test generating parameters and keys + ; + + foreach my $curvename (@curve_list) { + my $paramenc = "explicit"; + + # --- Test generating parameters --- + + ok(run(app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(run(app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } + + # --- Test generating actual keys --- + + ok(run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } + + my $paramenc = "named_curve"; + + # --- Test generating parameters --- + + ok(!run(app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(!run(app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } + + # --- Test generating actual keys --- + + ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } + } +}; |