2 # Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
12 use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
13 use OpenSSL::Test::Utils;
14 use File::Compare qw/compare_text/;
17 setup("test_rsaoaep");
19 use lib srctop_dir('Configurations');
20 use lib bldtop_dir('.');
23 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
24 my $no_check = disabled('fips-securitychecks');
27 ($no_fips ? 0 : 1 + ($no_check ? 0 : 1)) # FIPS install test
31 my $provconf = srctop_file("test", "fips-and-base.cnf");
32 my $provpath = bldtop_dir("providers");
33 my $msg_file = data_file("plain_text");
34 my $enc1_file = "enc1.bin";
35 my $enc2_file = "enc2.bin";
36 my $enc3_file = "enc3.bin";
37 my $dec1_file = "dec1.txt";
38 my $dec2_file = "dec2.txt";
39 my $dec3_file = "dec3.txt";
40 my $key_file = srctop_file("test", "testrsa2048.pem");
41 my $small_key_file = srctop_file("test", "testrsa.pem");
44 @prov = ( "-provider-path", $provpath, "-config", $provconf );
45 my $infile = bldtop_file('providers', platform->dso('fips'));
47 ok(run(app(['openssl', 'fipsinstall',
48 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
49 '-module', $infile])),
51 $ENV{OPENSSL_TEST_LIBCTX} = "1";
54 ok(!run(app(['openssl', 'pkeyutl',
58 '-inkey', $small_key_file,
59 '-pkeyopt', 'pad-mode:oaep',
60 '-pkeyopt', 'oaep-label:123',
61 '-pkeyopt', 'digest:sha1',
62 '-pkeyopt', 'mgf1-digest:sha1',
63 '-out', $enc1_file])),
64 "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
68 ok(run(app(['openssl', 'pkeyutl',
73 '-pkeyopt', 'pad-mode:oaep',
74 '-pkeyopt', 'oaep-label:123',
75 '-pkeyopt', 'digest:sha1',
76 '-pkeyopt', 'mgf1-digest:sha1',
77 '-out', $enc1_file])),
78 "RSA OAEP Encryption");
80 ok(!run(app(['openssl', 'pkeyutl',
85 '-pkeyopt', 'pad-mode:oaep',
86 '-pkeyopt', 'oaep-label:123',
87 '-pkeyopt', 'digest:sha256',
88 '-pkeyopt', 'mgf1-digest:sha1'])),
89 "RSA OAEP Encryption should fail if the message is larger than the rsa modulus");
91 ok(run(app(['openssl', 'pkeyutl',
95 '-pkeyopt', 'pad-mode:oaep',
96 '-pkeyopt', 'oaep-label:123',
97 '-pkeyopt', 'digest:sha1',
98 '-pkeyopt', 'mgf1-digest:sha1',
100 '-out', $dec1_file]))
101 && compare_text($dec1_file, $msg_file) == 0,
102 "RSA OAEP Decryption");
104 ok(!run(app(['openssl', 'pkeyutl',
108 '-pkeyopt', 'pad-mode:oaep',
109 '-pkeyopt', 'oaep-label:123',
110 '-pkeyopt', 'digest:sha256',
111 '-pkeyopt', 'mgf1-digest:sha224',
112 '-in', $enc1_file])),
113 "Incorrect digest for RSA OAEP Decryption");
115 ok(!run(app(['openssl', 'pkeyutl',
119 '-pkeyopt', 'pad-mode:oaep',
120 '-pkeyopt', 'oaep-label:123',
121 '-pkeyopt', 'digest:sha1',
122 '-pkeyopt', 'mgf1-digest:sha224',
123 '-in', $enc1_file])),
124 "Incorrect mgf1-digest for RSA OAEP Decryption");
126 ok(run(app(['openssl', 'pkeyutl',
131 '-pkeyopt', 'pad-mode:oaep',
132 '-pkeyopt', 'oaep-label:123',
133 '-pkeyopt', 'digest:sha1',
134 '-pkeyopt', 'mgf1-digest:sha1',
135 '-out', $enc2_file]))
136 && compare_text($enc2_file, $enc1_file) != 0,
137 "RSA OAEP Encryption should generate different encrypted data");
139 ok(run(app(['openssl', 'pkeyutl',
143 '-pkeyopt', 'pad-mode:oaep',
144 '-pkeyopt', 'oaep-label:123',
146 '-out', $dec2_file]))
147 && compare_text($dec2_file, $msg_file) == 0,
148 "RSA OAEP Decryption with default digests");
150 ok(run(app(['openssl', 'pkeyutl',
155 '-pkeyopt', 'pad-mode:oaep',
156 '-pkeyopt', 'oaep-label:123',
157 '-out', $enc3_file])),
158 "RSA OAEP Encryption with default digests");
160 ok(run(app(['openssl', 'pkeyutl',
164 '-pkeyopt', 'pad-mode:oaep',
165 '-pkeyopt', 'oaep-label:123',
166 '-pkeyopt', 'digest:sha1',
167 '-pkeyopt', 'mgf1-digest:sha1',
169 '-out', $dec3_file]))
170 && compare_text($dec3_file, $msg_file) == 0,
171 "RSA OAEP Decryption with explicit default digests");