dockerfile/examples/openssl/openssl-3.2.1-src/test/recipes/15-test_ec.t

#! /usr/bin/env perl
# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use File::Spec;
use OpenSSL::Test qw/:DEFAULT srctop_file/;
use OpenSSL::Test::Utils;

setup("test_ec");

plan skip_all => 'EC is not supported in this build' if disabled('ec');

plan tests => 15;

my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);

require_ok(srctop_file('test','recipes','tconversion.pl'));

ok(run(test(["ectest"])), "running ectest");

# TODO: remove these when the 'ec' app is removed.
# Also consider moving this to the 20-25 test section because it is testing
# the command line tool in addition to the algorithm.
subtest 'EC conversions -- private key' => sub {
    tconversion( -type => 'ec', -prefix => 'ec-priv',
                 -in => srctop_file("test","testec-p256.pem") );
};
subtest 'EC conversions -- private key PKCS#8' => sub {
    tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
                 -in => srctop_file("test","testec-p256.pem"),
                 -args => "pkey" );
};
subtest 'EC conversions -- public key' => sub {
    tconversion( -type => 'ec', -prefix => 'ec-pub',
                 -in => srctop_file("test","testecpub-p256.pem"),
                 -args => [ "ec", "-pubin", "-pubout" ] );
};

subtest 'PKEY conversions -- private key' => sub {
    tconversion( -type => 'pkey', -prefix => 'ec-pkey-priv',
                 -in => srctop_file("test","testec-p256.pem") );
};
subtest 'PKEY conversions -- private key PKCS#8' => sub {
    tconversion( -type => 'pkey', -prefix => 'ec-pkey-pkcs8',
                 -in => srctop_file("test","testec-p256.pem"),
                 -args => "pkey" );
};
subtest 'PKEY conversions -- public key' => sub {
    tconversion( -type => 'pkey', -prefix => 'ec-pkey-pub',
                 -in => srctop_file("test","testecpub-p256.pem"),
                 -args => [ "pkey", "-pubin", "-pubout" ] );
};

SKIP: {
    skip "ECX is not supported by this OpenSSL build", 6
        if disabled("ecx");
    subtest 'Ed25519 conversions -- private key' => sub {
        tconversion( -type => "pkey", -prefix => "ed25519-pkey-priv",
                     -in => srctop_file("test", "tested25519.pem") );
    };
    subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
        tconversion( -type => "pkey", -prefix => "ed25519-pkey-pkcs8",
                     -in => srctop_file("test", "tested25519.pem"),
                     -args => ["pkey"] );
    };
    subtest 'Ed25519 conversions -- public key' => sub {
        tconversion( -type => "pkey", -prefix => "ed25519-pkey-pub",
                     -in => srctop_file("test", "tested25519pub.pem"),
                     -args => ["pkey", "-pubin", "-pubout"] );
    };
    subtest 'Ed448 conversions -- private key' => sub {
        tconversion( -type => "pkey", -prefix => "ed448-pkey-priv",
                     -in => srctop_file("test", "tested448.pem") );
    };
    subtest 'Ed448 conversions -- private key PKCS#8' => sub {
        tconversion( -type => "pkey", -prefix => "ed448-pkey-pkcs8",
                     -in => srctop_file("test", "tested448.pem"),
                     -args => ["pkey"] );
    };
    subtest 'Ed448 conversions -- public key' => sub {
        tconversion( -type => "pkey", -prefix => "ed448-pkey-pub",
                     -in => srctop_file("test", "tested448pub.pem"),
                     -args => ["pkey", "-pubin", "-pubout"] );
    };
}

subtest 'Check loading of fips and non-fips keys' => sub {
    plan skip_all => "FIPS is disabled"
        if $no_fips;

    plan tests => 2;

    my $fipsconf = srctop_file("test", "fips-and-base.cnf");
    $ENV{OPENSSL_CONF} = $fipsconf;

    ok(!run(app(['openssl', 'pkey',
                 '-check', '-in', srctop_file("test", "testec-p112r1.pem")])),
        "Checking non-fips curve key fails in FIPS provider");

    ok(run(app(['openssl', 'pkey',
                '-provider', 'default',
                '-propquery', '?fips!=yes',
                '-check', '-in', srctop_file("test", "testec-p112r1.pem")])),
        "Checking non-fips curve key succeeds with non-fips property query");

    delete $ENV{OPENSSL_CONF};
}