xref: /openssl/test/recipes/15-test_rsaoaep.t (revision 8020d79b) 
1#! /usr/bin/env perl
2# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9use strict;
10use warnings;
11
12use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
13use OpenSSL::Test::Utils;
14use File::Compare qw/compare_text/;
15
16BEGIN {
17    setup("test_rsaoaep");
18}
19use lib srctop_dir('Configurations');
20use lib bldtop_dir('.');
21
22my $no_check = disabled('fips-securitychecks');
23
24plan tests =>
25    ($no_check ? 0 : 1)         # FIPS security check
26    + 9;
27
28my @prov = ( );
29my $provconf = srctop_file("test", "fips-and-base.cnf");
30my $provpath = bldtop_dir("providers");
31my $msg_file = data_file("plain_text");
32my $enc1_file = "enc1.bin";
33my $enc2_file = "enc2.bin";
34my $enc3_file = "enc3.bin";
35my $dec1_file = "dec1.txt";
36my $dec2_file = "dec2.txt";
37my $dec3_file = "dec3.txt";
38my $key_file = srctop_file("test", "testrsa2048.pem");
39my $small_key_file = srctop_file("test", "testrsa.pem");
40
41$ENV{OPENSSL_TEST_LIBCTX} = "1";
42
43unless ($no_check) {
44    @prov = ( "-provider-path", $provpath, "-config", $provconf );
45    ok(!run(app(['openssl', 'pkeyutl',
46                 @prov,
47                 '-encrypt',
48                 '-in', $msg_file,
49                 '-inkey', $small_key_file,
50                 '-pkeyopt', 'pad-mode:oaep',
51                 '-pkeyopt', 'oaep-label:123',
52                 '-pkeyopt', 'digest:sha1',
53                 '-pkeyopt', 'mgf1-digest:sha1',
54                 '-out', $enc1_file])),
55       "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
56}
57
58ok(run(app(['openssl', 'pkeyutl',
59            @prov,
60            '-encrypt',
61            '-in', $msg_file,
62            '-inkey', $key_file,
63            '-pkeyopt', 'pad-mode:oaep',
64            '-pkeyopt', 'oaep-label:123',
65            '-pkeyopt', 'digest:sha1',
66            '-pkeyopt', 'mgf1-digest:sha1',
67            '-out', $enc1_file])),
68   "RSA OAEP Encryption");
69
70ok(!run(app(['openssl', 'pkeyutl',
71             @prov,
72             '-encrypt',
73             '-in', $key_file,
74             '-inkey', $key_file,
75             '-pkeyopt', 'pad-mode:oaep',
76             '-pkeyopt', 'oaep-label:123',
77             '-pkeyopt', 'digest:sha256',
78             '-pkeyopt', 'mgf1-digest:sha1'])),
79   "RSA OAEP Encryption should fail if the message is larger than the rsa modulus");
80
81ok(run(app(['openssl', 'pkeyutl',
82            @prov,
83            '-decrypt',
84            '-inkey', $key_file,
85            '-pkeyopt', 'pad-mode:oaep',
86            '-pkeyopt', 'oaep-label:123',
87            '-pkeyopt', 'digest:sha1',
88            '-pkeyopt', 'mgf1-digest:sha1',
89            '-in', $enc1_file,
90            '-out', $dec1_file]))
91    && compare_text($dec1_file, $msg_file) == 0,
92    "RSA OAEP Decryption");
93
94ok(!run(app(['openssl', 'pkeyutl',
95             @prov,
96             '-decrypt',
97             '-inkey', $key_file,
98             '-pkeyopt', 'pad-mode:oaep',
99             '-pkeyopt', 'oaep-label:123',
100             '-pkeyopt', 'digest:sha256',
101             '-pkeyopt', 'mgf1-digest:sha224',
102             '-in', $enc1_file])),
103    "Incorrect digest for RSA OAEP Decryption");
104
105ok(!run(app(['openssl', 'pkeyutl',
106             @prov,
107             '-decrypt',
108             '-inkey', $key_file,
109             '-pkeyopt', 'pad-mode:oaep',
110             '-pkeyopt', 'oaep-label:123',
111             '-pkeyopt', 'digest:sha1',
112             '-pkeyopt', 'mgf1-digest:sha224',
113             '-in', $enc1_file])),
114    "Incorrect mgf1-digest for RSA OAEP Decryption");
115
116ok(run(app(['openssl', 'pkeyutl',
117            @prov,
118            '-encrypt',
119            '-in', $msg_file,
120            '-inkey', $key_file,
121            '-pkeyopt', 'pad-mode:oaep',
122            '-pkeyopt', 'oaep-label:123',
123            '-pkeyopt', 'digest:sha1',
124            '-pkeyopt', 'mgf1-digest:sha1',
125            '-out', $enc2_file]))
126    && compare_text($enc2_file, $enc1_file) != 0,
127   "RSA OAEP Encryption should generate different encrypted data");
128
129ok(run(app(['openssl', 'pkeyutl',
130            @prov,
131            '-decrypt',
132            '-inkey', $key_file,
133            '-pkeyopt', 'pad-mode:oaep',
134            '-pkeyopt', 'oaep-label:123',
135            '-in', $enc2_file,
136            '-out', $dec2_file]))
137    && compare_text($dec2_file, $msg_file) == 0,
138    "RSA OAEP Decryption with default digests");
139
140ok(run(app(['openssl', 'pkeyutl',
141            @prov,
142            '-encrypt',
143            '-in', $msg_file,
144            '-inkey', $key_file,
145            '-pkeyopt', 'pad-mode:oaep',
146            '-pkeyopt', 'oaep-label:123',
147            '-out', $enc3_file])),
148   "RSA OAEP Encryption with default digests");
149
150ok(run(app(['openssl', 'pkeyutl',
151            @prov,
152            '-decrypt',
153            '-inkey', $key_file,
154            '-pkeyopt', 'pad-mode:oaep',
155            '-pkeyopt', 'oaep-label:123',
156            '-pkeyopt', 'digest:sha1',
157            '-pkeyopt', 'mgf1-digest:sha1',
158            '-in', $enc3_file,
159            '-out', $dec3_file]))
160    && compare_text($dec3_file, $msg_file) == 0,
161    "RSA OAEP Decryption with explicit default digests");
162