diff options
| author | Jakub Zelenka <jakub.openssl@gmail.com> | 2020-09-06 19:11:34 +0100 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-09-08 15:43:11 +0200 |
| commit | 924663c36d47066d5307937da77fed7e872730c7 (patch) | |
| tree | a60cfe385cc29402bdaceaaa5a8b069ca6a6a50a /test | |
| parent | d96486dc809b5d134055785bfa6d707195d95534 (diff) | |
Add CMS AuthEnvelopedData with AES-GCM support
Add the AuthEnvelopedData as defined in RFC 5083 with AES-GCM
parameter as defined in RFC 5084.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/8024)
Diffstat (limited to 'test')
| -rw-r--r-- | test/cmsapitest.c | 29 | ||||
| -rw-r--r-- | test/drbgtest.c | 1 | ||||
| -rw-r--r-- | test/recipes/80-test_cms.t | 26 |
3 files changed, 50 insertions, 6 deletions
diff --git a/test/cmsapitest.c b/test/cmsapitest.c index 697daa814d..f90200e9ac 100644 --- a/test/cmsapitest.c +++ b/test/cmsapitest.c @@ -21,7 +21,7 @@ DEFINE_STACK_OF(X509) static X509 *cert = NULL; static EVP_PKEY *privkey = NULL; -static int test_encrypt_decrypt(void) +static int test_encrypt_decrypt(const EVP_CIPHER *cipher) { int testresult = 0; STACK_OF(X509) *certstack = sk_X509_new_null(); @@ -37,7 +37,7 @@ static int test_encrypt_decrypt(void) if (!TEST_int_gt(sk_X509_push(certstack, cert), 0)) goto end; - content = CMS_encrypt(certstack, msgbio, EVP_aes_128_cbc(), CMS_TEXT); + content = CMS_encrypt(certstack, msgbio, cipher, CMS_TEXT); if (!TEST_ptr(content)) goto end; @@ -60,6 +60,26 @@ static int test_encrypt_decrypt(void) return testresult; } +static int test_encrypt_decrypt_aes_cbc(void) +{ + return test_encrypt_decrypt(EVP_aes_128_cbc()); +} + +static int test_encrypt_decrypt_aes_128_gcm(void) +{ + return test_encrypt_decrypt(EVP_aes_128_gcm()); +} + +static int test_encrypt_decrypt_aes_192_gcm(void) +{ + return test_encrypt_decrypt(EVP_aes_192_gcm()); +} + +static int test_encrypt_decrypt_aes_256_gcm(void) +{ + return test_encrypt_decrypt(EVP_aes_256_gcm()); +} + OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") int setup_tests(void) @@ -99,7 +119,10 @@ int setup_tests(void) } BIO_free(privkeybio); - ADD_TEST(test_encrypt_decrypt); + ADD_TEST(test_encrypt_decrypt_aes_cbc); + ADD_TEST(test_encrypt_decrypt_aes_128_gcm); + ADD_TEST(test_encrypt_decrypt_aes_192_gcm); + ADD_TEST(test_encrypt_decrypt_aes_256_gcm); return 1; } diff --git a/test/drbgtest.c b/test/drbgtest.c index eeb71f0227..d069460cd5 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -23,6 +23,7 @@ #include <openssl/aes.h> #include "../crypto/rand/rand_local.h" #include "../include/crypto/rand.h" +#include "../include/crypto/evp.h" #include "../providers/implementations/rands/drbg_local.h" #include "../crypto/evp/evp_local.h" diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 1edddb2a82..65a8e14574 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -298,7 +298,7 @@ my @smime_cms_tests = ( \&final_compare ], - [ "enveloped content test streaming PEM format, KEK", + [ "enveloped content test streaming PEM format, AES-256-CBC cipher, KEK", [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", "-stream", "-out", "{output}.cms", "-secretkey", "000102030405060708090A0B0C0D0E0F", @@ -310,6 +310,18 @@ my @smime_cms_tests = ( \&final_compare ], + [ "enveloped content test streaming PEM format, AES-256-GCM cipher, KEK", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes-128-gcm", + "-stream", "-out", "{output}.cms", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + [ "{cmd2}", "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + \&final_compare + ], + [ "enveloped content test streaming PEM format, KEK, key only", [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", "-stream", "-out", "{output}.cms", @@ -373,7 +385,6 @@ my @smime_cms_tests = ( "-out", "{output}.txt" ], \&final_compare ], - ); my @smime_cms_cades_tests = ( @@ -560,7 +571,7 @@ my @smime_cms_param_tests = ( \&final_compare ], - [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF", + [ "enveloped content test streaming S/MIME format, ECDH, AES-128-CBC, SHA256 KDF", [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", "-recip", catfile($smdir, "smec1.pem"), "-aes128", @@ -570,6 +581,15 @@ my @smime_cms_param_tests = ( \&final_compare ], + [ "enveloped content test streaming S/MIME format, ECDH, AES-128-GCM cipher, SHA256 KDF", + [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smec1.pem"), "-aes-128-gcm", "-keyopt", "ecdh_kdf_md:sha256" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare + ], + [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH", [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", |