mirror of
https://github.com/openssl/openssl.git
synced 2025-01-12 13:36:28 +08:00
130 lines
4.6 KiB
Perl
130 lines
4.6 KiB
Perl
|
#! /usr/bin/env perl
|
||
|
# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||
|
#
|
||
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
|
# this file except in compliance with the License. You can obtain a copy
|
||
|
# in the file LICENSE in the source distribution or at
|
||
|
# https://www.openssl.org/source/license.html
|
||
|
|
||
|
use strict;
|
||
|
use warnings;
|
||
|
|
||
|
use OpenSSL::Test::Utils;
|
||
|
use File::Copy;
|
||
|
use File::Compare qw(compare);
|
||
|
use OpenSSL::Test qw/:DEFAULT srctop_file/;
|
||
|
|
||
|
setup("test_pkey");
|
||
|
|
||
|
plan tests => 5;
|
||
|
|
||
|
my @app = ('openssl', 'pkey');
|
||
|
|
||
|
my $in_key = srctop_file('test', 'certs', 'root-key.pem');
|
||
|
my $pass = 'pass:password';
|
||
|
|
||
|
subtest "=== pkey typical en-/decryption (using AES256-CBC) ===" => sub {
|
||
|
plan tests => 4;
|
||
|
|
||
|
my $encrypted_key = 'encrypted_key.pem';
|
||
|
my $decrypted_key = 'decrypted_key.pem';
|
||
|
|
||
|
ok(run(app([@app, '-aes256', '-in', $in_key, '-out', $encrypted_key,
|
||
|
'-passout', $pass])),
|
||
|
"encrypt key (using aes-256-cbc)");
|
||
|
|
||
|
ok(run(app(['openssl', 'asn1parse', '-in', $encrypted_key,
|
||
|
'-offset', '34', '-length', '18'])), # incl. 2 bytes header
|
||
|
"encrypted key has default PBKDF2 PARAM 'salt length' 16");
|
||
|
|
||
|
ok(run(app([@app, '-in', $encrypted_key, '-out', $decrypted_key,
|
||
|
'-passin', $pass])),
|
||
|
"decrypt key");
|
||
|
is(compare($in_key, $decrypted_key), 0,
|
||
|
"Same file contents after encrypting and decrypting in separate files");
|
||
|
};
|
||
|
|
||
|
subtest "=== pkey handling of identical input and output files (using 3DES) and -traditional ===" => sub {
|
||
|
plan skip_all => "DES not supported in this build" if disabled("des");
|
||
|
plan tests => 4;
|
||
|
|
||
|
my $inout = 'inout.pem';
|
||
|
|
||
|
copy($in_key, $inout);
|
||
|
ok(run(app([@app, '-des3', '-traditional', '-in', $inout, '-out', $inout,
|
||
|
'-passout', $pass])),
|
||
|
"encrypt using identical infile and outfile");
|
||
|
|
||
|
sub file_line_contains { grep /$_[0]/, ((open F, $_[1]), <F>, close F) }
|
||
|
ok(file_line_contains("DEK-Info: DES-EDE3-CBC,", $inout),
|
||
|
"traditional encoding contains \"DEK-Info: DES-EDE3-CBC,\"");
|
||
|
|
||
|
ok(run(app([@app, '-in', $inout, '-out', $inout, '-passin', $pass])),
|
||
|
"decrypt using identical infile and outfile");
|
||
|
is(compare($in_key, $inout), 0,
|
||
|
"Same file contents after encrypting and decrypting using same file");
|
||
|
};
|
||
|
|
||
|
subtest "=== pkey handling of public keys (Ed25519) ===" => sub {
|
||
|
plan skip_all => "ECX not supported inthis build" if disabled("ecx");
|
||
|
plan tests => 6;
|
||
|
|
||
|
my $in_ed_key = srctop_file('test', 'certs', 'root-ed25519.privkey.pem');
|
||
|
my $in_pubkey = srctop_file('test', 'certs', 'root-ed25519.pubkey.pem');
|
||
|
|
||
|
my $pub_out1 = 'pub1.pem';
|
||
|
ok(run(app([@app, '-in', $in_ed_key, '-pubout', '-out', $pub_out1])),
|
||
|
"extract public key");
|
||
|
is(compare($in_pubkey, $pub_out1), 0,
|
||
|
"extracted public key is same as original public key");
|
||
|
|
||
|
my $pub_out2 = 'pub2.pem';
|
||
|
ok(run(app([@app, '-in', $in_pubkey, '-pubin', '-pubout', '-out', $pub_out2])),
|
||
|
"read public key from pubfile");
|
||
|
is(compare($in_pubkey, $pub_out2), 0,
|
||
|
"public key read using pubfile is same as original public key");
|
||
|
|
||
|
my $pub_out3 = 'pub3.pem';
|
||
|
ok(run(app([@app, '-in', $in_ed_key, '-pubin', '-pubout', '-out', $pub_out3])),
|
||
|
"extract public key from pkey file with -pubin");
|
||
|
is(compare($in_pubkey, $pub_out3), 0,
|
||
|
"public key extraced from pkey file with -pubin is same as original");
|
||
|
};
|
||
|
|
||
|
|
||
|
subtest "=== pkey handling of DER encoding ===" => sub {
|
||
|
plan tests => 4;
|
||
|
|
||
|
my $der_out = 'key.der';
|
||
|
my $pem_out = 'key.pem';
|
||
|
ok(run(app([@app, '-in', $in_key, '-outform', 'DER',
|
||
|
'-out', $der_out])),
|
||
|
"write DER-encoded pkey");
|
||
|
|
||
|
ok(run(app(['openssl', 'asn1parse', '-in', $der_out, '-inform', 'DER',
|
||
|
'-offset', '268', '-length', '5'])), # incl. 2 bytes header
|
||
|
"see if length of the modulus encoding is included");
|
||
|
|
||
|
ok(run(app([@app, '-in', $der_out, '-inform', 'DER',
|
||
|
'-out', $pem_out])),
|
||
|
"read DER-encoded key");
|
||
|
is(compare($in_key, $pem_out), 0,
|
||
|
"Same file contents after converting to DER and back");
|
||
|
};
|
||
|
|
||
|
subtest "=== pkey text output ===" => sub {
|
||
|
plan tests => 3;
|
||
|
|
||
|
ok((grep /BEGIN PRIVATE KEY/,
|
||
|
run(app([@app, '-in', $in_key, '-text']), capture => 1)),
|
||
|
"pkey text output contains PEM header");
|
||
|
|
||
|
ok(!(grep /BEGIN PRIVATE KEY/,
|
||
|
run(app([@app, '-in', $in_key, '-text', '-noout']), capture => 1)),
|
||
|
"pkey text output with -noout does not contain PEM header");
|
||
|
|
||
|
ok((grep /Private-Key:/,
|
||
|
run(app([@app, '-in', $in_key, '-text', '-noout']), capture => 1)),
|
||
|
"pkey text output (even with -noout) contains \"Private-Key:\"");
|
||
|
};
|