Add EVP_KDF-X942 to the fips module
[openssl.git] / test / recipes / 30-test_evp.t
1 #! /usr/bin/env perl
2 # Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
3 #
4 # Licensed under the Apache License 2.0 (the "License").  You may not use
5 # this file except in compliance with the License.  You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
8
9
10 use strict;
11 use warnings;
12
13 use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
14 use OpenSSL::Test::Utils;
15
16 BEGIN {
17     setup("test_evp");
18 }
19
20 use lib srctop_dir('Configurations');
21 use lib bldtop_dir('.');
22 use platform;
23
24 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
25 my $no_legacy = disabled('legacy') || ($ENV{NO_LEGACY} // 0);
26 my $no_dh = disabled("dh");
27 my $no_dsa = disabled("dsa");
28 my $no_ec = disabled("ec");
29 my $no_gost = disabled("gost");
30 my $no_sm2 = disabled("sm2");
31
32 # Default config depends on if the legacy module is built or not
33 my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
34
35 my @configs = ( $defaultcnf );
36 # Only add the FIPS config if the FIPS module has been built
37 push @configs, 'fips-and-base.cnf' unless $no_fips;
38
39 # A list of tests that run with both the default and fips provider.
40 my @files = qw(
41                 evpciph_aes_ccm_cavs.txt
42                 evpciph_aes_common.txt
43                 evpciph_aes_cts1.txt
44                 evpciph_aes_wrap.txt
45                 evpciph_des3_common.txt
46                 evpkdf_hkdf.txt
47                 evpkdf_pbkdf2.txt
48                 evpkdf_ss.txt
49                 evpkdf_ssh.txt
50                 evpkdf_tls12_prf.txt
51                 evpkdf_x942.txt
52                 evpkdf_x963.txt
53                 evpmac_common.txt
54                 evpmd_sha.txt
55                 evppbe_pbkdf2.txt
56                 evppkey_kdf_hkdf.txt
57                 evppkey_rsa_common.txt
58                 evprand.txt
59               );
60 push @files, qw(evppkey_ffdhe.txt) unless $no_dh;
61 push @files, qw(evppkey_dsa.txt) unless $no_dsa;
62 push @files, qw(evppkey_ecx.txt) unless $no_ec;
63 push @files, qw(
64                 evppkey_ecc.txt
65                 evppkey_ecdh.txt
66                 evppkey_ecdsa.txt
67                 evppkey_kas.txt
68                 evppkey_mismatch.txt
69               ) unless $no_ec || $no_gost;
70
71 # A list of tests that only run with the default provider
72 # (i.e. The algorithms are not present in the fips provider)
73 my @defltfiles = qw(
74                      evpciph_aes_cts23.txt
75                      evpciph_aes_ocb.txt
76                      evpciph_aes_siv.txt
77                      evpciph_aria.txt 
78                      evpciph_bf.txt
79                      evpciph_camellia.txt
80                      evpciph_cast5.txt
81                      evpciph_chacha.txt
82                      evpciph_des.txt
83                      evpciph_idea.txt
84                      evpciph_rc2.txt
85                      evpciph_rc4.txt
86                      evpciph_rc5.txt
87                      evpciph_seed.txt
88                      evpciph_sm4.txt
89                      evpencod.txt
90                      evpkdf_krb5.txt
91                      evpkdf_scrypt.txt
92                      evpkdf_tls11_prf.txt
93                      evpmac_blake.txt
94                      evpmac_poly1305.txt
95                      evpmac_siphash.txt
96                      evpmd_blake.txt
97                      evpmd_md.txt
98                      evpmd_mdc2.txt
99                      evpmd_ripemd.txt
100                      evpmd_sm3.txt
101                      evpmd_whirlpool.txt
102                      evppbe_scrypt.txt
103                      evppbe_pkcs12.txt
104                      evppkey_kdf_scrypt.txt
105                      evppkey_kdf_tls1_prf.txt
106                      evppkey_rsa.txt
107                     );
108 push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
109 push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
110
111 plan tests =>
112     ($no_fips ? 0 : 1)          # FIPS install test
113     + (scalar(@configs) * scalar(@files))
114     + scalar(@defltfiles)
115     + 3; # error output tests
116
117 unless ($no_fips) {
118     my $infile = bldtop_file('providers', platform->dso('fips'));
119
120     ok(run(app(['openssl', 'fipsinstall',
121                 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
122                 '-module', $infile])),
123        "fipsinstall");
124 }
125
126 foreach (@configs) {
127     my $conf = srctop_file("test", $_);
128
129     foreach my $f ( @files ) {
130         ok(run(test(["evp_test",
131                      "-config", $conf,
132                      data_file("$f")])),
133            "running evp_test -config $conf $f");
134     }
135 }
136
137 my $conf = srctop_file("test", $defaultcnf);
138 foreach my $f ( @defltfiles ) {
139     ok(run(test(["evp_test",
140                  "-config", $conf,
141                  data_file("$f")])),
142        "running evp_test -config $conf $f");
143 }
144
145 sub test_errors { # actually tests diagnostics of OSSL_STORE
146     my ($expected, $key, @opts) = @_;
147     my $infile = srctop_file('test', 'certs', $key);
148     my @args = qw(openssl pkey -in);
149     push(@args, $infile, @opts);
150     my $tmpfile = 'out.txt';
151     my $res = !run(app([@args], stderr => $tmpfile));
152     my $found = 0;
153     open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile";
154     while(<$in>) {
155         print; # this may help debugging
156         $res &&= !m/asn1 encoding/; # output must not include ASN.1 parse errors
157         $found = 1 if m/$expected/; # output must include $expected
158     }
159     close $in;
160     # $tmpfile is kept to help with investigation in case of failure
161     return $res && $found;
162 }
163
164 SKIP: {
165     skip "DSA not disabled", 2 if !disabled("dsa");
166
167     ok(test_errors("unsupported algorithm", "server-dsa-key.pem"),
168        "error loading unsupported dsa private key");
169     ok(test_errors("unsupported algorithm", "server-dsa-pubkey.pem", "-pubin"),
170        "error loading unsupported dsa public key");
171 }
172
173 SKIP: {
174     skip "sm2 not disabled", 1 if !disabled("sm2");
175
176     ok(test_errors("unknown group|unsupported algorithm", "sm2.key"),
177        "error loading unsupported sm2 private key");
178 }