aboutsummaryrefslogtreecommitdiff
path: root/test/recipes/15-test_rsaoaep.t
diff options
context:
space:
mode:
Diffstat (limited to 'test/recipes/15-test_rsaoaep.t')
-rw-r--r--test/recipes/15-test_rsaoaep.t161
1 files changed, 161 insertions, 0 deletions
diff --git a/test/recipes/15-test_rsaoaep.t b/test/recipes/15-test_rsaoaep.t
new file mode 100644
index 000000000000..5618d5e2bc17
--- /dev/null
+++ b/test/recipes/15-test_rsaoaep.t
@@ -0,0 +1,161 @@
+#! /usr/bin/env perl
+# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw(:DEFAULT data_file bldtop_dir srctop_file srctop_dir bldtop_file);
+use OpenSSL::Test::Utils;
+use File::Compare qw/compare_text/;
+
+BEGIN {
+ setup("test_rsaoaep");
+}
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+
+my $no_check = disabled('fips-securitychecks');
+
+plan tests =>
+ ($no_check ? 0 : 1) # FIPS security check
+ + 9;
+
+my @prov = ( );
+my $provconf = srctop_file("test", "fips-and-base.cnf");
+my $provpath = bldtop_dir("providers");
+my $msg_file = data_file("plain_text");
+my $enc1_file = "enc1.bin";
+my $enc2_file = "enc2.bin";
+my $enc3_file = "enc3.bin";
+my $dec1_file = "dec1.txt";
+my $dec2_file = "dec2.txt";
+my $dec3_file = "dec3.txt";
+my $key_file = srctop_file("test", "testrsa2048.pem");
+my $small_key_file = srctop_file("test", "testrsa.pem");
+
+$ENV{OPENSSL_TEST_LIBCTX} = "1";
+
+unless ($no_check) {
+ @prov = ( "-provider-path", $provpath, "-config", $provconf );
+ ok(!run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-encrypt',
+ '-in', $msg_file,
+ '-inkey', $small_key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-pkeyopt', 'digest:sha1',
+ '-pkeyopt', 'mgf1-digest:sha1',
+ '-out', $enc1_file])),
+ "RSA OAEP Encryption with a key smaller than 2048 in fips mode should fail");
+}
+
+ok(run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-encrypt',
+ '-in', $msg_file,
+ '-inkey', $key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-pkeyopt', 'digest:sha1',
+ '-pkeyopt', 'mgf1-digest:sha1',
+ '-out', $enc1_file])),
+ "RSA OAEP Encryption");
+
+ok(!run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-encrypt',
+ '-in', $key_file,
+ '-inkey', $key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-pkeyopt', 'digest:sha256',
+ '-pkeyopt', 'mgf1-digest:sha1'])),
+ "RSA OAEP Encryption should fail if the message is larger than the rsa modulus");
+
+ok(run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-decrypt',
+ '-inkey', $key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-pkeyopt', 'digest:sha1',
+ '-pkeyopt', 'mgf1-digest:sha1',
+ '-in', $enc1_file,
+ '-out', $dec1_file]))
+ && compare_text($dec1_file, $msg_file) == 0,
+ "RSA OAEP Decryption");
+
+ok(!run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-decrypt',
+ '-inkey', $key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-pkeyopt', 'digest:sha256',
+ '-pkeyopt', 'mgf1-digest:sha224',
+ '-in', $enc1_file])),
+ "Incorrect digest for RSA OAEP Decryption");
+
+ok(!run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-decrypt',
+ '-inkey', $key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-pkeyopt', 'digest:sha1',
+ '-pkeyopt', 'mgf1-digest:sha224',
+ '-in', $enc1_file])),
+ "Incorrect mgf1-digest for RSA OAEP Decryption");
+
+ok(run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-encrypt',
+ '-in', $msg_file,
+ '-inkey', $key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-pkeyopt', 'digest:sha1',
+ '-pkeyopt', 'mgf1-digest:sha1',
+ '-out', $enc2_file]))
+ && compare_text($enc2_file, $enc1_file) != 0,
+ "RSA OAEP Encryption should generate different encrypted data");
+
+ok(run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-decrypt',
+ '-inkey', $key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-in', $enc2_file,
+ '-out', $dec2_file]))
+ && compare_text($dec2_file, $msg_file) == 0,
+ "RSA OAEP Decryption with default digests");
+
+ok(run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-encrypt',
+ '-in', $msg_file,
+ '-inkey', $key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-out', $enc3_file])),
+ "RSA OAEP Encryption with default digests");
+
+ok(run(app(['openssl', 'pkeyutl',
+ @prov,
+ '-decrypt',
+ '-inkey', $key_file,
+ '-pkeyopt', 'pad-mode:oaep',
+ '-pkeyopt', 'oaep-label:123',
+ '-pkeyopt', 'digest:sha1',
+ '-pkeyopt', 'mgf1-digest:sha1',
+ '-in', $enc3_file,
+ '-out', $dec3_file]))
+ && compare_text($dec3_file, $msg_file) == 0,
+ "RSA OAEP Decryption with explicit default digests");
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-10 06:12:54 +0000